CVE-2023-27197: PAX-Paydroid-Advisories/advisories/2023/CVEs/CVE-2023-27197.md at master · wr3nchsr/PAX-Paydroid-Advisories
A PAX A930 device running PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary that leverages an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.
Privilege Escalation Using Exported Dangerous Function with Insufficient Checks
CVE ID: CVE-2023-27197
Vendor: PAX Technology
Product: PAX A930
Version: PayDroid_7.1.1_Virgo_V04.5.02_20220722
CVSS Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Category: CWE-749: Exposed Dangerous Method or Function