{"uuid": "af65a9d4-537f-45a5-b5c1-36b1b50b6c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-42134", "type": "seen", "source": "https://t.me/androidMalware/2133", "content": "Android-based PAX Technology Point of Sale (POS) vulnerabilities\nCVE-2023-42133 - Reserved\nCVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command\nCVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot\nCVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service\nCVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon\nCVE-2023-4818 - Bootloader downgrade via improper tokenization\nhttps://blog.stmcyber.com/pax-pos-cves-2023/", "creation_timestamp": "2024-06-01T21:47:05.000000Z"}