Vulnerabilities > Petwant > PF 103 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-13 CVE-2019-16730 OS Command Injection vulnerability in multiple products
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-16733 OS Command Injection vulnerability in multiple products
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-16734 Use of Hard-coded Credentials vulnerability in multiple products
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-798
critical
 9.8
9.8
2019-12-13 CVE-2019-16735 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
network
low complexity
skymee petwant CWE-787
critical
 9.8
9.8
2019-12-13 CVE-2019-16736 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
network
low complexity
skymee petwant CWE-787
critical
 9.8
9.8
2019-12-13 CVE-2019-16737 OS Command Injection vulnerability in multiple products
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8
2019-12-13 CVE-2019-17364 OS Command Injection vulnerability in multiple products
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
 9.8
9.8