Privilege Escalation Through Command Injection in Systool Client
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability.
| CVE ID | CVE-2022-26582 |
|---|---|
| Vendor | PAX Technology |
| Product | PAX A930 |
| Version | PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 |
| CVSS Score | 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) |
| Category | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |