CVE-2017-2883 - An exploitable vulnerability exists in the database update functionality of Circle with Disney runni

CVE-2017-2883

Summary

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0390

Vulnerable Configurations

cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 03-06-2022 - 19:06)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

misc

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0390

Last major update

03-06-2022 - 19:06

Published

07-11-2017 - 16:29

Last modified

03-06-2022 - 19:06