Sign-up

ID

VAR-201912-1217


CVE

CVE-2019-16733


TITLE

Petwant PF-103 Firmware and Petalk AI In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013257

DESCRIPTION

processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Petwant PF-103 Firmware and Petalk AI Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Petwant PF-103 is an automatic pet feeding machine from China Petnant. Petalk AI is an automated pet feeder with monitoring capabilities. The operating system command injection vulnerability exists in the 'processCommandSetUid ()' function of the libcommon.so file in version 4.22.2.42 of Petwant PF-103 and Petalk AI 3.2.2.30

Trust: 2.16

sources: NVD: CVE-2019-16733 // JVNDB: JVNDB-2019-013257 // CNVD: CNVD-2020-12724

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-12724

AFFECTED PRODUCTS

vendor:petwantmodel:pf-103scope:eqversion:4.22.2.42

Trust: 3.0

vendor:skymeemodel:petalk aiscope:eqversion:3.2.2.30

Trust: 2.4

vendor:petwantmodel:petalkscope:eqversion:3.2.2.30

Trust: 0.6

vendor:petwantmodel:pf-103scope:eqversion: -

Trust: 0.6

vendor:skymeemodel:petalk aiscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-12724 // JVNDB: JVNDB-2019-013257 // CNNVD: CNNVD-201912-695 // NVD: CVE-2019-16733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16733
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16733
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-12724
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-695
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-16733
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-12724
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16733
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16733
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-12724 // JVNDB: JVNDB-2019-013257 // CNNVD: CNNVD-201912-695 // NVD: CVE-2019-16733

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-013257 // NVD: CVE-2019-16733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-695

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201912-695

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013257

PATCH
title:Petalk AI Dog Cameraurl:https://ja-jp.facebook.com/SkymeeOfficial/
Trust: 0.8
title:Top Pageurl:https://www.petwant.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013257

EXTERNAL IDS
db:NVDid:CVE-2019-16733
Trust: 3.0
db:JVNDBid:JVNDB-2019-013257
Trust: 0.8
db:CNVDid:CNVD-2020-12724
Trust: 0.6
db:CNNVDid:CNNVD-201912-695
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-12724 // 
            
            
            
            JVNDB: JVNDB-2019-013257 // 
            
            
            
            CNNVD: CNNVD-201912-695 // 
            
            
            
            NVD: CVE-2019-16733

REFERENCES
url:https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-16733
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16733
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-12724 // 
            
            
            
            JVNDB: JVNDB-2019-013257 // 
            
            
            
            CNNVD: CNNVD-201912-695 // 
            
            
            
            NVD: CVE-2019-16733

SOURCES
db:CNVDid:CNVD-2020-12724
db:JVNDBid:JVNDB-2019-013257
db:CNNVDid:CNNVD-201912-695
db:NVDid:CVE-2019-16733

LAST UPDATE DATE
2024-11-23T21:51:48.247000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-12724date:2020-02-22T00:00:00
db:JVNDBid:JVNDB-2019-013257date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-695date:2019-12-27T00:00:00
db:NVDid:CVE-2019-16733date:2024-11-21T04:31:05.103

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-12724date:2020-02-18T00:00:00
db:JVNDBid:JVNDB-2019-013257date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-695date:2019-12-13T00:00:00
db:NVDid:CVE-2019-16733date:2019-12-13T21:15:17.507