Vulnerabilities > Skymee

DATE CVE VULNERABILITY TITLE RISK
2019-12-13 CVE-2019-17364 OS Command Injection vulnerability in multiple products
The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
9.8
2019-12-13 CVE-2019-16737 OS Command Injection vulnerability in multiple products
The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
9.8
2019-12-13 CVE-2019-16736 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
network
low complexity
skymee petwant CWE-787
critical
9.8
2019-12-13 CVE-2019-16735 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user.
network
low complexity
skymee petwant CWE-787
critical
9.8
2019-12-13 CVE-2019-16734 Use of Hard-coded Credentials vulnerability in multiple products
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-798
critical
9.8
2019-12-13 CVE-2019-16733 OS Command Injection vulnerability in multiple products
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
9.8
2019-12-13 CVE-2019-16732 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
network
high complexity
skymee petwant CWE-319
8.1
2019-12-13 CVE-2019-16731 Missing Authentication for Critical Function vulnerability in multiple products
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings.
network
low complexity
skymee petwant CWE-306
7.5
2019-12-13 CVE-2019-16730 OS Command Injection vulnerability in multiple products
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
network
low complexity
skymee petwant CWE-78
critical
9.8