Shodan
Vulnerabilities
Vulnerable Software
Verifone:  Security Vulnerabilities
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-10-23
CVE-2019-14711
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
CVSS Score
7.0
EPSS Score
0.0
Published
2020-10-23
CVE-2019-14712
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-10-23
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-10-23
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-23
CVE-2019-14716
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
CVSS Score
6.6
EPSS Score
0.001
Published
2020-10-23
CVE-2019-14717
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-10-23
CVE-2019-14718
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
CVSS Score
6.7
EPSS Score
0.001
Published
2020-10-23
CVE-2019-10060
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
CVSS Score
8.1
EPSS Score
0.014
Published
2019-03-26
CVE-2012-4951
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
CVSS Score
7.5
EPSS Score
0.013
Published
2012-11-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved