CVE-2023-42134 MEDIUM

CVE-2023-42134

Vendor Pax Technology
Product POS terminals
Weakness CWE-912
Published January 15, 2024
Last update June 17, 2025

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.

Key dates

02Disclosure timeline

January 15, 2024 CVE published
June 17, 2025 Record updated