CVE-2023-4818
Severity CVSS v4.0: Pending analysis
Type: CWE-74 Injection
Publication date: 15/01/2024
Last modified: 17/06/2025
Description
The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked, and only a bootloader signed by PAX can be used.

The attacker must have physical USB access to the device in order to exploit this vulnerability.
Impact
Base Score 3.x: 7.60
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:paxtechnology:paydroid:7.1.2_aquarius_11.1.50_20230614:*:*:*:*:*:*:* | | |
| cpe:2.3:h:paxtechnology:a920:-:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://blog.stmcyber.com/pax-pos-cves-2023/
- https://cert.pl/en/posts/2024/01/CVE-2023-4818/
- https://cert.pl/posts/2024/01/CVE-2023-4818/
- https://ppn.paxengine.com/release/development



