Skip to main content
CVE-2019-17364 CRITICAL POC Act Now

The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16737 CRITICAL POC Act Now

The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16736 CRITICAL POC Act Now

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Petalk Ai Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-16735 CRITICAL POC Act Now

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Petalk Ai Firmware +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-16734 CRITICAL POC Act Now

Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-16733 CRITICAL POC Act Now

processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-16730 CRITICAL POC Act Now

processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Petalk Ai Firmware Pf 103 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-18802 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-18801 CRITICAL POC PATCH Act Now

An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-19782 CRITICAL POC Act Now

The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long EHLO response from an FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Aceaxe Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-19790 CRITICAL Act Now

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Telerik Ui For Asp Net Ajax Radchart
NVD
CVSS 3.1
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy