VYPR

A920 Pro

by PAX Technology

CVEs (3)

  • CVE-2023-42135Jan 15, 2024
    risk 0.00cvss epss 0.01

    PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in…

  • CVE-2023-4818Jan 15, 2024
    risk 0.00cvss epss 0.01

    PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vulnerability.

  • CVE-2023-26980Apr 14, 2023
    risk 0.00cvss epss 0.00

    PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the…