Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
mx900_firmware
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
CVE-2019-14718
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.