CVE-2023-42137

Name of the Vulnerable Software and Affected Versions PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier

Description The issue is due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary commands with high privileges by using malicious symlinks. The attacker must have shell access to the device to exploit this issue.

Recommendations For PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier, consider restricting shell access to the device to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of symlinks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.