Vulnerability: Unauthorized File Manipulation and Access on PAX Point Of Sale Device with ProlinOS

Vulnerability: Unauthorized File Manipulation and Access on PAX Point Of Sale Device with ProlinOS

CVE-2020-28044 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

Learn more about our Physical Security Assessment.