ID

VAR-201912-1220


CVE

CVE-2019-16736


TITLE

Out-of-bounds write vulnerability in Petwant PF-103 firmware and Petalk AI

Trust: 0.8

sources: JVNDB: JVNDB-2019-013184

DESCRIPTION

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user. Petwant PF-103 firmware and Petalk AI contain an out-of-bounds write vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Petwant PF-103 is an automatic pet feeder from Petwant (China). Petalk AI is an automated pet feeder with monitoring capabilities. A buffer overflow vulnerability exists in the 'processCommandUploadSnapshot' function of the libcommon.so file in Petwant PF-103 with firmware 4.22.2.42 and Petalk AI version 3.2.2.30. The vulnerability arises when a network system or product performs operations on memory without correctly verifying data boundaries, which results in erroneous read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflows or heap overflows.

Trust: 2.16

sources: NVD: CVE-2019-16736 // JVNDB: JVNDB-2019-013184 // CNVD: CNVD-2020-12728

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-12728

AFFECTED PRODUCTS

vendor: petwant, model: pf-103, scope: eq, version: 4.22.2.42

Trust: 2.4

vendor: skymee, model: petalk ai, scope: eq, version: 3.2.2.30

Trust: 1.8

vendor: petwant, model: petalk, scope: eq, version: 3.2.2.30

Trust: 0.6

sources: CNVD: CNVD-2020-12728 // JVNDB: JVNDB-2019-013184 // NVD: CVE-2019-16736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16736
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16736
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-12728
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-697
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-16736
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-12728
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16736
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16736
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-12728 // JVNDB: JVNDB-2019-013184 // CNNVD: CNNVD-201912-697 // NVD: CVE-2019-16736

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-013184 // NVD: CVE-2019-16736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-697

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-697

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013184

PATCH

title: Top Page, url: https://www.petwant.com/

Trust: 0.8

title: Top Page, url: http://www.skymee.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-013184

EXTERNAL IDS

db: NVD, id: CVE-2019-16736

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013184

Trust: 0.8

db: CNVD, id: CNVD-2020-12728

Trust: 0.6

db: CNNVD, id: CNNVD-201912-697

Trust: 0.6

sources: CNVD: CNVD-2020-12728 // JVNDB: JVNDB-2019-013184 // CNNVD: CNNVD-201912-697 // NVD: CVE-2019-16736

REFERENCES

url:https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-16736

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16736

Trust: 0.8

sources: CNVD: CNVD-2020-12728 // JVNDB: JVNDB-2019-013184 // CNNVD: CNNVD-201912-697 // NVD: CVE-2019-16736

SOURCES

db: CNVD, id: CNVD-2020-12728
db: JVNDB, id: JVNDB-2019-013184
db: CNNVD, id: CNNVD-201912-697
db: NVD, id: CVE-2019-16736

LAST UPDATE DATE

2024-11-23T22:55:19.716000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-12728, date: 2020-02-22T00:00:00
db: JVNDB, id: JVNDB-2019-013184, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-697, date: 2020-06-16T00:00:00
db: NVD, id: CVE-2019-16736, date: 2024-11-21T04:31:05.557

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-12728, date: 2020-02-18T00:00:00
db: JVNDB, id: JVNDB-2019-013184, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-697, date: 2019-12-13T00:00:00
db: NVD, id: CVE-2019-16736, date: 2019-12-13T21:15:17.740