CVE-2017-12083

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.
References
Link Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 Exploit Technical Description Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 Exploit Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:08

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 5.3
v2 : 5.0
v3 : 5.8
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 - Exploit, Technical Description, Third Party Advisory () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 - Exploit, Technical Description, Third Party Advisory

Information

Published : 2017-11-07 16:29

Updated : 2024-11-21 03:08


NVD link : CVE-2017-12083

Mitre link : CVE-2017-12083

CVE.ORG link : CVE-2017-12083


JSON object : View

Products Affected

meetcircle

  • circle_with_disney
  • circle_with_disney_firmware
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor