PT-2023-20999 · Pax · Pax A930 (+1)
Saif Aziz (+1)
Published: 2023-07-05 · Updated: 2024-07-03
CVE-2023-27198
CVSS v3.1: 6.8 (Medium)
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722
Description
The vulnerability allows arbitrary command execution through the exec service when a specific word is included in the command to be executed. Exploitation requires physical USB access to the device.
Recommendations
For the PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722, consider restricting physical USB access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling the exec service until a patch is available.
Weakness Enumeration
OS Command Injection
Affected Products
Pax A930
Paydroid