CVE-2023-42134

Name of the Vulnerable Software and Affected Versions PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.45 20230314 or earlier

Description The issue is related to the presence of undocumented configuration commands in the PayDroid operating system. Exploitation of this issue can allow an attacker to execute arbitrary code. The attacker must have physical USB access to the device to exploit this issue. This can lead to the overwrite of the signed partition and subsequent local code execution via a hidden command.

Recommendations For PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.45 20230314 or earlier, consider restricting physical USB access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that may be related to the undocumented configuration commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.