Circle With Disney Firmware
CVE-2017-12083
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.
AnalysisAI
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. Affected products include: Meetcircle Circle With Disney Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Circle With Disney Firmware
View allAn exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Ra
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today