CVE-2020-28044 Information

Description

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode enable the XCB service and then list read create and overwrite files with MAINAPP permissions.

Reference

https://git.lsd.cat/g/pax-pwn