Vulnerabilities > Paxtechnology > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2023-42136 | Injection vulnerability in Paxtechnology Paydroid PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 |
| 2024-01-15 | CVE-2023-42137 | Link Following vulnerability in Paxtechnology Paydroid PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 |
| 2024-01-15 | CVE-2023-4818 | Injection vulnerability in Paxtechnology Paydroid 7.1.2Aquarius11.1.5020230614 PAX A920 device allows to downgrade bootloader due to a bug in its version check. | 7.6 |
| 2022-12-16 | CVE-2022-26582 | OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. | 7.8 |
| 2021-05-07 | CVE-2020-36125 | Missing Authentication for Critical Function vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly. | 7.1 |
| 2021-05-07 | CVE-2020-36126 | Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. | 8.1 |
| 2021-05-07 | CVE-2020-36128 | Authentication Bypass by Spoofing vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. | 8.2 |