Application Signature Verification Bypass
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.
| CVE ID | CVE-2022-26579 |
|---|---|
| Vendor | PAX Technology |
| Product | PAX A930 |
| Version | PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 |
| CVSS Score | 7.9 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N) |
| Category | CWE-345: Insufficient Verification of Data Authenticity |