CVE-2019-16734
published 2019-12-13CVE-2019-16734: Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.26%
86.8th percentile
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| petwant | pf-103_firmware | — | — |
| skymee | petalk_ai_firmware | — | — |
| trixie | tx9_automatic_food_dispenser_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ghg5-qv84-mmvj: Use of default credentials for the TELNET server in Petwant PF-103 firmware 4
ghsa_unreviewed·2022-05-24
CVE-2019-16734 [HIGH] GHSA-ghg5-qv84-mmvj: Use of default credentials for the TELNET server in Petwant PF-103 firmware 4
Use of default credentials for the TELNET server in Petwant PF-103 firmware 4.3.2.50 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
GHSA
GHSA-3gff-7mjm-8jv9: TX9 Automatic Food Dispenser v3
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2021-37555 [CRITICAL] CWE-798 GHSA-3gff-7mjm-8jv9: TX9 Automatic Food Dispenser v3
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-12-13
Published