An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.
References
Link | Resource |
---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 | Exploit Technical Description Third Party Advisory |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.8 |
References | () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0435 - Exploit, Technical Description, Third Party Advisory |
Information
Published : 2017-11-07 16:29
Updated : 2024-11-21 03:08
NVD link : CVE-2017-12083
Mitre link : CVE-2017-12083
CVE.ORG link : CVE-2017-12083
JSON object : View
Products Affected
meetcircle
- circle_with_disney
- circle_with_disney_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor