CVE-2023-42133

Summary

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts.

An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Affected Software

VendorProductVersion RangeStatus
PAXPOS terminals0 < 11.1.61_20240226affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References