Vulnerabilities > Paxtechnology

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-26581 Missing Authorization vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon.
low complexity
paxtechnology CWE-862
6.8
2022-12-16 CVE-2022-26582 OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client.
local
low complexity
paxtechnology CWE-78
7.8
2021-05-07 CVE-2020-36124 XXE vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection.
network
low complexity
paxtechnology CWE-611
6.5
2021-05-07 CVE-2020-36125 Missing Authentication for Critical Function vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
network
low complexity
paxtechnology CWE-306
7.1
2021-05-07 CVE-2020-36126 Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation.
network
low complexity
paxtechnology CWE-639
8.1
2021-05-07 CVE-2020-36127 Improper Certificate Validation vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability.
network
low complexity
paxtechnology CWE-295
6.5
2021-05-07 CVE-2020-36128 Authentication Bypass by Spoofing vulnerability in Paxtechnology Paxstore 7.0.820200511171508
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability.
network
low complexity
paxtechnology CWE-290
8.2