PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.
The attacker must have physical USB access to the device in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://blog.stmcyber.com/pax-pos-cves-2023/ | Exploit Third Party Advisory |
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | Third Party Advisory |
https://cert.pl/posts/2024/01/CVE-2023-4818/ | Third Party Advisory |
https://ppn.paxengine.com/release/development | Permissions Required |
Configurations
Configuration 1 (hide)
AND |
|
History
10 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | (en) PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. |
19 Jan 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:paxtechnology:paydroid:7.1.2_aquarius_11.1.50_20230614:*:*:*:*:*:*:* cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:* |
|
First Time |
Paxtechnology paydroid
Paxtechnology Paxtechnology a920 |
|
CWE | CWE-74 | |
References | () https://ppn.paxengine.com/release/development - Permissions Required | |
References | () https://blog.stmcyber.com/pax-pos-cves-2023/ - Exploit, Third Party Advisory | |
References | () https://cert.pl/en/posts/2024/01/CVE-2023-4818/ - Third Party Advisory | |
References | () https://cert.pl/posts/2024/01/CVE-2023-4818/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.6 |
15 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 14:15
Updated : 2024-10-10 16:15
NVD link : CVE-2023-4818
Mitre link : CVE-2023-4818
CVE.ORG link : CVE-2023-4818
JSON object : View
Products Affected
paxtechnology
- paydroid
- a920
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')