Login Sign Up

CVE-2023-4818

7.6 HIGH

📋 TL;DR

PAX A920 payment terminals have a bootloader downgrade vulnerability due to improper version checking. Attackers with physical USB access can install older, potentially vulnerable bootloader versions, compromising device security. This affects PAX A920 devices in retail and payment environments.

💻 Affected Systems

Products:
  • PAX A920
Versions: Specific versions not publicly detailed; all versions prior to patch are likely affected.
Operating Systems: PAX proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PAX A920 payment terminals; requires physical USB access to exploit.

📦 What is this software?

Paydroid by Paxtechnology

View all CVEs affecting Paydroid →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing installation of malicious firmware, payment data theft, and persistent backdoor establishment.

🟠

Likely Case

Installation of older bootloader with known vulnerabilities, enabling subsequent attacks on the payment terminal.

🟢

If Mitigated

Limited impact if physical access controls prevent USB connection by unauthorized personnel.

🌐 Internet-Facing: LOW - Requires physical USB access, not network exploitable.
🏢 Internal Only: MEDIUM - Physical access needed, but insider threats or stolen devices could be exploited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Simple USB connection and bootloader flashing required.

Exploitation requires physical access to USB port; signature verification still works but version check bypass allows downgrade.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in public sources; check PAX vendor updates.

Vendor Advisory: https://ppn.paxengine.com/release/development

Restart Required: Yes

Instructions:

1. Contact PAX support for firmware update. 2. Apply latest firmware via official PAX tools. 3. Reboot device to activate new bootloader.

🔧 Temporary Workarounds

Physical Access Control

all

Restrict physical access to USB ports to prevent unauthorized connections.

Device Tamper Detection

all

Implement monitoring for unauthorized physical access to payment terminals.

🧯 If You Can't Patch

  • Physically secure devices in controlled environments to prevent USB access.
  • Implement regular physical security audits and tamper detection mechanisms.

🔍 How to Verify

Check if Vulnerable:

Check bootloader version via PAX diagnostic tools; if version is older than latest patched version, device may be vulnerable.

Check Version:

Use PAX proprietary diagnostic tools; specific command not publicly documented.

Verify Fix Applied:

Verify bootloader version matches latest patched version from PAX vendor after update.

📡 Detection & Monitoring

Log Indicators:

  • USB connection logs from unauthorized devices
  • Bootloader version change events

Network Indicators:

  • Not applicable - physical access required

SIEM Query:

Not applicable for network detection; focus on physical security logs.

📊 Metadata

CVE ID: CVE-2023-4818
CVSS v3 Score: 7.6 (HIGH)
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-74
Published: January 15, 2024
Last Updated: June 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-4818, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)