SecurityWeek reports that six vulnerabilities in PAX Technology’s Android-based point-of-sale terminals, all of which the China-based payment terminal manufacturer has already addressed, could be leveraged to facilitate further compromise. Threat actors could exploit half of the flaws, including CVE-2023-4818, which enables bootloader downgrading, and the kernel argument injection bugs tracked as CVE-2023-42134 and CVE-2023-42135, to enable physical USB access to targeted devices, according to a report from STM Cyber, which discovered the vulnerabilities.
Source: SC Magazine