ID CVE-2017-2911
Summary An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*
    cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 13-06-2022 - 19:17)
Impact:
Exploitability:
CWE CWE-297
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:P/A:N
refmap via4
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0418
Last major update 13-06-2022 - 19:17
Published 07-11-2017 - 16:29
Last modified 13-06-2022 - 19:17
Back to Top