Circle With Disney Firmware
by Meetcircle
CVEs (22)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2911 | Med | 0.38 | 5.9 | 0.00 | Nov 7, 2017 | An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |
| CVE-2017-12083 | Med | 0.38 | 5.8 | 0.00 | Nov 7, 2017 | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. |
Page 2 of 2