CVE-2022-26580

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:paxtechnology:paydroid:7.1.1_virgo_v04.3.26t1_20210419:*:*:*:*:*:*:*
cpe:2.3:h:paxtechnology:a930:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type Values Removed Values Added
References () https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c - Third Party Advisory () https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c - Third Party Advisory
References () https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2022/CVEs/CVE-2022-26580.md - () https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2022/CVEs/CVE-2022-26580.md -
References () https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/ - () https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/ -

23 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/ -

Information

Published : 2022-12-16 22:15

Updated : 2024-11-21 06:54


NVD link : CVE-2022-26580

Mitre link : CVE-2022-26580

CVE.ORG link : CVE-2022-26580


JSON object : View

Products Affected

paxtechnology

  • a930
  • paydroid
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')