PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
History

Thu, 10 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 10 Oct 2024 15:45:00 +0000

Type Values Removed Values Added
Description PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-15T13:28:59.106Z

Updated: 2024-10-10T15:35:56.930Z

Reserved: 2023-09-07T13:17:57.372Z

Link: CVE-2023-42137

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-15T14:15:24.900

Modified: 2024-11-21T08:22:21.040

Link: CVE-2023-42137

cve-icon Redhat

No data.