PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications.
References
| Link | Resource |
|---|---|
| https://docs.google.com/document/d/189b1494s8RF8ksaOijKhKb-3B8gj3pLUmgn0dqg-jqs/edit | Mailing List Third Party Advisory |
| https://drive.google.com/drive/u/0/folders/14X-XTYhkiaIVBS3zf68VigG4-imbKEuV | Exploit |
| https://uploads.strikinglycdn.com/files/f1d54bf4-3803-480c-b4d3-0943f7dac76e/A920_EN_20200605.pdf?id=237392 | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Nov 2023, 04:09
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications. |
13 Jul 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | ** DISPUTED ** PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher will be loaded before any user applications. |
Information
Published : 2023-04-14 13:15
Updated : 2024-08-02 12:16
NVD link : CVE-2023-26980
Mitre link : CVE-2023-26980
CVE.ORG link : CVE-2023-26980
JSON object : View
Products Affected
pax
- a920_pro
- paydroid
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')