Skip to main content

Circle With Disney Firmware CVE-2017-12096

MEDIUM
Authentication Bypass by Spoofing (CWE-290)
2017-11-07 talos-cna@cisco.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 07, 2017 - 16:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.

AnalysisAI

An exploitable vulnerability exists in the WiFi management of Circle with Disney. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-290. An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. Affected products include: Meetcircle Circle With Disney Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-2866 HIGH POC
8.8 Nov 07

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (

CVE-2017-2917 HIGH POC
8.8 Nov 07

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat

CVE-2017-12085 CRITICAL POC
9.0 Nov 07

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS

CVE-2017-2916 HIGH POC
8.8 Nov 07

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.

CVE-2017-2881 HIGH POC
8.8 Nov 07

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra

CVE-2017-2882 HIGH POC
8.1 Nov 07

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra

CVE-2017-2883 HIGH POC
8.1 Nov 07

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R

CVE-2017-2914 HIGH POC
8.1 Nov 07

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1

CVE-2017-12084 HIGH POC
8.0 Nov 07

A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high

CVE-2017-2915 HIGH POC
8.0 Nov 07

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1

CVE-2017-2898 HIGH POC
7.5 Nov 07

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di

CVE-2017-2889 HIGH POC
7.5 Nov 07

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Ra

Share

CVE-2017-12096 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy