Vulnerability-Lookup

CVE-2017-2866 (GCVE-0-2017-2866)

Vulnerability from cvelistv5 – Published: 2017-11-07 16:00 – Updated: 2024-09-17 03:22

Summary

Severity ?

9.9 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

command injection

Assigner

talos

References

URL

	Vendor	Product	Version
	Circle Media	Circle	Affected: firmware 2.0.1

VAR-201711-0790

Vulnerability from variot - Updated: 2025-04-20 23:03

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Circle with Disney Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0790",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "circle with disney",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "meetcircle",
        "version": "2.0.1"
      },
      {
        "model": "with disney",
        "scope": null,
        "trust": 0.8,
        "vendor": "circle media",
        "version": null
      },
      {
        "model": "media circle with disney",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "circle",
        "version": "2.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:meetcircle:circle_with_disney_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yves Younan, Cory Duplantis,Marcin \u0027Icewall\u0027 Noga, Claudio Bozzato, and Richard Johnson Cisco Talos, Aleksandar Nikolic, Lilith Wyatt \u003c(^_^)\u003e",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-2866",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-2866",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-32884",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-111069",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-2866",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.1,
            "id": "CVE-2017-2866",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2866",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2866",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2017-2866",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2866",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-32884",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-111",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111069",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Circle with Disney Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children\u0027s online behavior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2866",
        "trust": 3.1
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0372",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96819",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "id": "VAR-201711-0790",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:03:57.391000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://meetcircle.com/circle/"
      },
      {
        "title": "Patch for CirclewithDisney Command Injection Vulnerability (CNVD-2017-32884)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/105482"
      },
      {
        "title": "Circle with Disney Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76092"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0372"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2866"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2866"
      },
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0372"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "date": "2017-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "date": "2017-11-07T16:29:00.467000",
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32884"
      },
      {
        "date": "2017-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111069"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-2866"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Circle with Disney In  OS Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009920"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-111"
      }
    ],
    "trust": 0.6
  }
}

GHSA-396H-CMXR-RG77

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-07T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.",
  "id": "GHSA-396h-cmxr-rg77",
  "modified": "2022-05-13T01:01:18Z",
  "published": "2022-05-13T01:01:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2866"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2866

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2866

Aliases

CVE-2017-2866

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2866",
    "description": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.",
    "id": "GSD-2017-2866"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2866"
      ],
      "details": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.",
      "id": "GSD-2017-2866",
      "modified": "2023-12-13T01:21:05.323754Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2017-10-31T00:00:00",
        "ID": "CVE-2017-2866",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Circle",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware 2.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Circle Media"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 9.9,
          "baseSeverity": "Critical",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "command injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-2866"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-03T19:03Z",
      "publishedDate": "2017-11-07T16:29Z"
    }
  }
}

CNVD-2017-32884

Vulnerability from cnvd - Published: 2017-11-07

Title

Circle with Disney命令注入漏洞（CNVD-2017-32884）

Description

Circle with Disney是美国Circle Media公司的一套用于监控儿童上网行为的网络监控管理设备。 Circle with Disney中的/api/CONFIG/backup功能存在命令注入漏洞。攻击者可通过发送HTTP请求利用该漏洞注入操作系统命令。

Severity

高

Patch Name

Circle with Disney命令注入漏洞（CNVD-2017-32884）的补丁

Patch Description

Circle with Disney是美国Circle Media公司的一套用于监控儿童上网行为的网络监控管理设备。 Circle with Disney中的/api/CONFIG/backup功能存在命令注入漏洞。攻击者可通过发送HTTP请求利用该漏洞注入操作系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.meetcircle.com/13577-general-help/whats-the-latest-app-and-firmware-version-of-circle?from_search=19392044

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372

Impacted products

Name
Circle Media Circle with Disney 2.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2866"
    }
  },
  "description": "Circle with Disney\u662f\u7f8e\u56fdCircle Media\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u513f\u7ae5\u4e0a\u7f51\u884c\u4e3a\u7684\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8bbe\u5907\u3002\r\n\r\nCircle with Disney\u4e2d\u7684/api/CONFIG/backup\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Marcin \u0027Icewall\u0027 Noga, Cory Duplantis, Yves Younan, Claudio Bozzato, Lilith Wyatt \u003c(^_^)\u003e, Aleksandar Nikolic, and Richard Johnson Cisco Talos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.meetcircle.com/13577-general-help/whats-the-latest-app-and-firmware-version-of-circle?from_search=19392044",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32884",
  "openTime": "2017-11-07",
  "patchDescription": "Circle with Disney\u662f\u7f8e\u56fdCircle Media\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u513f\u7ae5\u4e0a\u7f51\u884c\u4e3a\u7684\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8bbe\u5907\u3002\r\n\r\nCircle with Disney\u4e2d\u7684/api/CONFIG/backup\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Circle with Disney\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-32884\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Circle Media Circle with Disney 2.0.1"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-02",
  "title": "Circle with Disney\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-32884\uff09"
}

FKIE_CVE-2017-2866

Vulnerability from fkie_nvd - Published: 2017-11-07 16:29 - Updated: 2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372	Exploit, Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	meetcircle	circle_with_disney_firmware	2.0.1
	meetcircle	circle_with_disney	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E642C-D156-4E0E-B8F7-2EFEEDC77E99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9661BDE9-416C-40BF-B65C-E9979F511FF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable en la funcionalidad /api/CONFIG/backup de Circle with Disney. Los paquetes de red especialmente manipulados pueden provocar una inyecci\u00f3n de comandos de sistema operativo. Un atacante puede enviar una petici\u00f3n HTTP para provocar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2017-2866",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-07T16:29:00.467",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2866 (GCVE-0-2017-2866)

VAR-201711-0790

GHSA-396H-CMXR-RG77

GSD-2017-2866

CNVD-2017-32884

FKIE_CVE-2017-2866

Tags

Sightings

Nomenclature