90 percent of hardware vulnerabilities 90 percent that were submitted to retail bug bounty programs so far this year were categorized as critical. That s due to the fact that retail hardware assets often lack built-in security features. Hardware assets often require manual updates (which can t be done at scale, making it more difficult and time-consuming to patch systems) and are generally short on processing power and memory (meaning standard encryption protocols are frequently forgone by manufacturers) Cross-site scripting, broken access control and broken authentication are the most common retail vulnerabilities.
Source: https://threatpost.com/threatlist-most-retail-hardware-pos-flaws-are-critical/149609/