Vulnerabilities > Petwant
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-13 | CVE-2019-17364 | OS Command Injection vulnerability in multiple products The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16737 | OS Command Injection vulnerability in multiple products The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16736 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16735 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16734 | Use of Hard-coded Credentials vulnerability in multiple products Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16733 | OS Command Injection vulnerability in multiple products processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |
| 2019-12-13 | CVE-2019-16732 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | 8.1 |
| 2019-12-13 | CVE-2019-16731 | Missing Authentication for Critical Function vulnerability in multiple products The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | 7.5 |
| 2019-12-13 | CVE-2019-16730 | OS Command Injection vulnerability in multiple products processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | 9.8 |