Circle With Disney Firmware
CVE-2017-12084
HIGH
Severity by source
AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.
AnalysisAI
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. Affected products include: Meetcircle Circle With Disney Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
More in Circle With Disney Firmware
View allAn exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today