PT-2019-14804 · Petwant+1 · Petwant Pf-103+2

Published

2019-12-13

Updated

2019-12-18

CVE-2019-16736

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Petwant PF-103 firmware version 4.22.2.42 Petalk AI version 3.2.2.30

Description A stack-based buffer overflow issue exists in the processCommandUploadSnapshot function within libcommon.so. This allows remote attackers to potentially cause a denial of service or execute arbitrary code with root user privileges.

Recommendations For Petwant PF-103 firmware version 4.22.2.42, update to a newer version that contains a fix for this issue. For Petalk AI version 3.2.2.30, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the processCommandUploadSnapshot function in libcommon.so to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-16736

Affected Products

Petalk Ai

Petwant Pf-103

Libcommon.So

PT-2019-14804 · Petwant+1 · Petwant Pf-103+2

CVE-2019-16736

Weakness Enumeration

Related Identifiers

Affected Products

References · 3