CVE-2022-26579

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
6 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
paxtechnologypaydroid
7.1.1_virgo_v04.3.26t1_20210419:_virgo_v04.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c
https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2022/CVEs/CVE-2022-26579.md
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/
https://cyshield.com/e077d6c3-adff-49a1-afc3-71e10140f95c
https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2022/CVEs/CVE-2022-26579.md
https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2022/