An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://git.lsd.cat/g/pax-pwn |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-01T17:39:38
Updated: 2024-08-04T16:33:56.910Z
Reserved: 2020-11-01T00:00:00
Link: CVE-2020-28044
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-11-02T21:15:31.460
Modified: 2020-11-17T17:52:55.017
Link: CVE-2020-28044
Redhat
No data.