Circle With Disney Firmware
CVE-2017-2890
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.
AnalysisAI
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Affected products include: Meetcircle Circle With Disney Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Circle With Disney Firmware
View allAn exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Rated high severity (
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Rat
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. Rated critical severity (CVS
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Ra
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. R
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. Rated high
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Di
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. Ra
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today