{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T18:47:23.724","vulnerabilities":[{"cve":{"id":"CVE-2023-42135","sourceIdentifier":"cvd@cert.pl","published":"2024-01-15T14:15:24.413","lastModified":"2024-11-21T08:22:20.747","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. \n\n\n\n\n\nThe attacker must have physical USB access to the device in order to exploit this vulnerability."},{"lang":"es","value":"Los dispositivos PAX A920Pro/A50 con PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 o anterior pueden permitir la ejecución de código local mediante inyección de parámetros al omitir la validación de entrada al actualizar una partición específica. El atacante debe tener acceso USB físico al dispositivo para poder aprovechar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.0_sagittarius_11.1.50_20230614","matchCriteriaId":"970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:paxtechnology:a920_pro:-:*:*:*:*:*:*:*","matchCriteriaId":"FF80918D-3453-4F42-A8A0-DA993C398394"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:paxtechnology:paydroid:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.0_sagittarius_11.1.50_20230614","matchCriteriaId":"970DD715-DA0A-4E3B-A51A-4B04EEC55CC8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:paxtechnology:a50:-:*:*:*:*:*:*:*","matchCriteriaId":"DFCCCD93-0374-4AE1-8986-E0997B53A51C"}]}]}],"references":[{"url":"https://blog.stmcyber.com/pax-pos-cves-2023/","source":"cvd@cert.pl","tags":["Exploit","Third Party Advisory"]},{"url":"https://cert.pl/en/posts/2024/01/CVE-2023-4818/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/01/CVE-2023-4818/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://ppn.paxengine.com/release/development","source":"cvd@cert.pl","tags":["Permissions Required"]},{"url":"https://blog.stmcyber.com/pax-pos-cves-2023/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://cert.pl/en/posts/2024/01/CVE-2023-4818/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/01/CVE-2023-4818/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://ppn.paxengine.com/release/development","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}