The attacker must have physical USB access to the device in order to exploit this vulnerability.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-54661 | PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. |
Tue, 17 Jun 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 10 Oct 2024 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-20 |
Thu, 10 Oct 2024 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. | PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability. |
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2025-06-17T13:36:53.048Z
Reserved: 2023-09-07T13:18:09.776Z
Link: CVE-2023-4818
Updated: 2024-08-02T07:38:00.703Z
Status : Modified
Published: 2024-01-15T14:15:25.180
Modified: 2026-06-17T06:38:40.570
Link: CVE-2023-4818
No data.
OpenCVE Enrichment
No data.
-
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
EUVD