Credit card payment terminal exploited for remote access
A security researcher has uncovered a significant vulnerability in a widely used payment terminal that could enable attackers to gain full control of the device in under a minute.
The affected model, the Worldline Yomani XR, is found in grocery stores, cafes, repair shops, and many other businesses across Switzerland.
Despite its reputation as a hardened, tamper-protected device, the terminal’s maintenance port exposes an unsecured root shell, granting remote access to anyone with brief physical access.
Read more at GB Hackers