Circle With Disney Firmware
CVE-2017-2889
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.
AnalysisAI
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. Affected products include: Meetcircle Circle With Disney Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Circle With Disney Firmware
View allAn exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today