ID

VAR-201912-1219


CVE

CVE-2019-16735


TITLE

Out-of-bounds write vulnerability in Petwant PF-103 firmware and Petalk AI

Trust: 0.8

sources: JVNDB: JVNDB-2019-013187

DESCRIPTION

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. Petwant PF-103 firmware and Petalk AI contain an out-of-bounds write vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Petwant PF-103 is an automatic pet feeding machine from China's Petwant. Petalk AI is an automated pet feeder with monitoring capabilities. A buffer overflow vulnerability exists in the 'processCommandUploadLog' function of the libcommon.so file in version 4.22.2.42 of Petwant PF-103 and in Petalk AI 3.2.2.30. The vulnerability arises because a network system or product does not correctly validate data boundaries when performing operations on memory, which results in erroneous read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflows or heap overflows.

Trust: 2.16

sources: NVD: CVE-2019-16735 // JVNDB: JVNDB-2019-013187 // CNVD: CNVD-2020-12729

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-12729

AFFECTED PRODUCTS

vendor: petwant, model: pf-103, scope: eq, version: 4.22.2.42

Trust: 2.4

vendor: skymee, model: petalk ai, scope: eq, version: 3.2.2.30

Trust: 1.8

vendor: petwant, model: petalk, scope: eq, version: 3.2.2.30

Trust: 0.6

sources: CNVD: CNVD-2020-12729 // JVNDB: JVNDB-2019-013187 // NVD: CVE-2019-16735

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-16735
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16735
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-12729
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-700
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-16735
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-12729
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-16735
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16735
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-12729 // JVNDB: JVNDB-2019-013187 // CNNVD: CNNVD-201912-700 // NVD: CVE-2019-16735

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-013187 // NVD: CVE-2019-16735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-700

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-700

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013187

PATCH

title: Top Page, url: https://www.petwant.com/

Trust: 0.8

title: Top Page, url: http://www.skymee.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-013187

EXTERNAL IDS

db: NVD, id: CVE-2019-16735

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013187

Trust: 0.8

db: CNVD, id: CNVD-2020-12729

Trust: 0.6

db: CNNVD, id: CNNVD-201912-700

Trust: 0.6

sources: CNVD: CNVD-2020-12729 // JVNDB: JVNDB-2019-013187 // CNNVD: CNNVD-201912-700 // NVD: CVE-2019-16735

REFERENCES

url: https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-16735

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16735

Trust: 0.8

sources: CNVD: CNVD-2020-12729 // JVNDB: JVNDB-2019-013187 // CNNVD: CNNVD-201912-700 // NVD: CVE-2019-16735

SOURCES

db: CNVD, id: CNVD-2020-12729
db: JVNDB, id: JVNDB-2019-013187
db: CNNVD, id: CNNVD-201912-700
db: NVD, id: CVE-2019-16735

LAST UPDATE DATE

2024-11-23T23:01:34.126000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-12729, date: 2020-02-22T00:00:00
db: JVNDB, id: JVNDB-2019-013187, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-700, date: 2020-06-16T00:00:00
db: NVD, id: CVE-2019-16735, date: 2024-11-21T04:31:05.413

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-12729, date: 2020-02-18T00:00:00
db: JVNDB, id: JVNDB-2019-013187, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-700, date: 2019-12-13T00:00:00
db: NVD, id: CVE-2019-16735, date: 2019-12-13T21:15:17.680