PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.
The attacker must have physical USB access to the device in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://blog.stmcyber.com/pax-pos-cves-2023/ | Exploit Third Party Advisory |
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | Third Party Advisory |
https://cert.pl/posts/2024/01/CVE-2023-4818/ | Third Party Advisory |
https://ppn.paxengine.com/release/development | Permissions Required |
Configurations
Configuration 1 (hide)
AND |
|
History
19 Jan 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:paxtechnology:paydroid:7.1.2_aquarius_11.1.50_20230614:*:*:*:*:*:*:* cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:* |
|
First Time |
Paxtechnology paydroid
Paxtechnology Paxtechnology a920 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.6 |
CWE | CWE-74 | |
References | () https://ppn.paxengine.com/release/development - Permissions Required | |
References | () https://blog.stmcyber.com/pax-pos-cves-2023/ - Exploit, Third Party Advisory | |
References | () https://cert.pl/en/posts/2024/01/CVE-2023-4818/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/01/CVE-2023-4818/ - Third Party Advisory |
15 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 14:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-4818
Mitre link : CVE-2023-4818
CVE.ORG link : CVE-2023-4818
JSON object : View
Products Affected
paxtechnology
- a920
- paydroid