Circle With Disney Firmware
CVE-2017-12096
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.
AnalysisAI
An exploitable vulnerability exists in the WiFi management of Circle with Disney. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-290. An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. Affected products include: Meetcircle Circle With Disney Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Circle With Disney Firmware
View allAn exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Ra
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today