{"uuid": "0ad9c2bb-3a6c-4e10-bae4-adcc3eafff44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-42133", "type": "seen", "source": "https://t.me/androidMalware/2133", "content": "Android-based PAX Technology Point of Sale (POS) vulnerabilities\nCVE-2023-42133 - Reserved\nCVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command\nCVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot\nCVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service\nCVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon\nCVE-2023-4818 - Bootloader downgrade via improper tokenization\nhttps://blog.stmcyber.com/pax-pos-cves-2023/", "creation_timestamp": "2024-06-01T21:47:05.000000Z"}