A privilege escalation vulnerability in PocketBook InkPad... · CVE-2025-1424 · GitHub Advisory Database · GitHub

A privilege escalation vulnerability in PocketBook InkPad...

High severity Unreviewed Published Mar 4, 2025 to the GitHub Advisory Database

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.
This issue affects InkPad Color 3 in version U743k3.6.8.3671.

References

Published by the National Vulnerability Database

Mar 4, 2025

Published to the GitHub Advisory Database Mar 4, 2025

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Physical

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality High

Integrity High

Availability High

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X