CVE-2023-27197

low-risk
Published 2023-07-05

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Pax A930 Firmware

Affected Vendors

Paxtechnology

References (4)

Third Party Advisory https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/...
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/
Third Party Advisory https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/...
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal