PT-2019-14800 · Pf+1 · Pf-103+1

Publicado

2019-12-13

Atualizado

2021-07-21

CVE-2019-16732

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Petalk AI (affected versions not specified) PF-103 (affected versions not specified)

Description The issue concerns unencrypted HTTP communications used for firmware upgrades, allowing man-in-the-middle attackers to execute arbitrary code with root user privileges.

Recommendations For Petalk AI, update the firmware to use encrypted communications for upgrades. For PF-103, update the firmware to use encrypted communications for upgrades. As a temporary workaround, consider restricting access to the firmware upgrade process until a secure update method is implemented.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-347

Identificadores relacionados

CVE-2019-16732

Produtos afetados

Pf-103

Petalk Ai

PT-2019-14800 · Pf+1 · Pf-103+1

CVE-2019-16732

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3