Arbitrary Command Execution Vulnerability in PAX Android POS Devices

Arbitrary Command Execution Vulnerability in PAX Android POS Devices

CVE-2023-42136 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.

Learn more about our Cis Benchmark Audit For Google Android.