CVE-2023-27197 : PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability.

Published 2023-07-05 20:15:10

Updated 2024-04-23 14:15:08

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-27197

Paxtechnology » Pax A930 Firmware » Version: Paydroid 7.1.1 Virgo V04.5.02 20220722
cpe:2.3:o:paxtechnology:pax_a930_firmware:paydroid_7.1.1_virgo_v04.5.02_20220722:*:*:*:*:*:*:*
Matching versions
When used together with: Paxtechnology » Pax A930 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-27197

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-27197

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-27197

https://wr3nchsr.github.io/pax-paydroid-vulnerabilities-advisory-2023/

PAX Paydroid Vulnerabilities Advisory 2023 - wr3nchsr

CVEs referencing this url
https://github.com/wr3nchsr/PAX-Paydroid-Advisories/blob/master/advisories/2023/CVEs/CVE-2023-27197.md

PAX-Paydroid-Advisories/advisories/2023/CVEs/CVE-2023-27197.md at master · wr3nchsr/PAX-Paydroid-Advisories · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-27197

Products affected by CVE-2023-27197

Exploit prediction scoring system (EPSS) score for CVE-2023-27197

CVSS scores for CVE-2023-27197

References for CVE-2023-27197