Vulnerability-Lookup

CVE-2017-2915 (GCVE-0-2017-2915)

Vulnerability from cvelistv5 – Published: 2017-11-07 16:00 – Updated: 2024-09-17 04:20

Summary

Severity ?

9 (Critical)


                        
                          CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

arbitrary code execution

Assigner

talos

References

URL

	Vendor	Product	Version
	Circle Media	Circle	Affected: firmware 2.0.1

VAR-201711-0810

Vulnerability from variot - Updated: 2025-04-20 23:42

An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. Circle with Disney Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0810",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "circle with disney",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "meetcircle",
        "version": "2.0.1"
      },
      {
        "model": "with disney",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "circle media",
        "version": "2.0.1"
      },
      {
        "model": "media circle with disney",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "circle",
        "version": "2.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:meetcircle:circle_with_disney_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Claudio Bozzato and Lilith Wyatt of Cisco Talos",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-2915",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "CVE-2017-2915",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-33183",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "VHN-111118",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2017-2915",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2017-2915",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2915",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2915",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2017-2915",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2915",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-33183",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-098",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111118",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. Circle with Disney Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children\u0027s online behavior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2915",
        "trust": 3.1
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0422",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96827",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "id": "VAR-201711-0810",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:42:54.817000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://meetcircle.com/circle/"
      },
      {
        "title": "Patch for CirclewithDisney Command Injection Vulnerability (CNVD-2017-33183)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/105656"
      },
      {
        "title": "Circle with Disney Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100149"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0422"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2915"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2915"
      },
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0422"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "date": "2017-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "date": "2017-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "date": "2017-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "date": "2017-11-07T16:29:01.107000",
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-33183"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111118"
      },
      {
        "date": "2017-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-2915"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Circle with Disney Command injection vulnerability in some firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009996"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-098"
      }
    ],
    "trust": 0.6
  }
}

GHSA-G562-G36Q-C5HJ

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

8.0 (High)


                  
                    CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2915"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-07T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.",
  "id": "GHSA-g562-g36q-c5hj",
  "modified": "2022-05-13T01:01:13Z",
  "published": "2022-05-13T01:01:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2915"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-33183

Vulnerability from cnvd - Published: 2017-11-08

Title

Circle with Disney命令注入漏洞（CNVD-2017-33183）

Description

Circle with Disney是美国Circle Media公司的一套用于监控儿童上网行为的网络监控管理设备。 Circle with Disney 2.0.1版本中的WiFi配置功能存在命令注入漏洞。攻击者可通过发送HTTP请求并搭建该设备可访问的访问接入点利用该漏洞执行任意的shell命令。

Severity

高

Patch Name

Circle with Disney命令注入漏洞（CNVD-2017-33183）的补丁

Patch Description

Circle with Disney是美国Circle Media公司的一套用于监控儿童上网行为的网络监控管理设备。 Circle with Disney 2.0.1版本中的WiFi配置功能存在命令注入漏洞。攻击者可通过发送HTTP请求并搭建该设备可访问的访问接入点利用该漏洞执行任意的shell命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.meetcircle.com/13577-general-help/whats-the-latest-app-and-firmware-version-of-circle?from_search=19392044

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422

Impacted products

Name
Circle Media Circle with Disney 2.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2915"
    }
  },
  "description": "Circle with Disney\u662f\u7f8e\u56fdCircle Media\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u513f\u7ae5\u4e0a\u7f51\u884c\u4e3a\u7684\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8bbe\u5907\u3002\r\n\r\nCircle with Disney 2.0.1\u7248\u672c\u4e2d\u7684WiFi\u914d\u7f6e\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5e76\u642d\u5efa\u8be5\u8bbe\u5907\u53ef\u8bbf\u95ee\u7684\u8bbf\u95ee\u63a5\u5165\u70b9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002",
  "discovererName": "Claudio Bozzato and Lilith Wyatt of Cisco Talos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.meetcircle.com/13577-general-help/whats-the-latest-app-and-firmware-version-of-circle?from_search=19392044",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33183",
  "openTime": "2017-11-08",
  "patchDescription": "Circle with Disney\u662f\u7f8e\u56fdCircle Media\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u76d1\u63a7\u513f\u7ae5\u4e0a\u7f51\u884c\u4e3a\u7684\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8bbe\u5907\u3002\r\n\r\nCircle with Disney 2.0.1\u7248\u672c\u4e2d\u7684WiFi\u914d\u7f6e\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5e76\u642d\u5efa\u8be5\u8bbe\u5907\u53ef\u8bbf\u95ee\u7684\u8bbf\u95ee\u63a5\u5165\u70b9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Circle with Disney\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-33183\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Circle Media Circle with Disney 2.0.1"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-02",
  "title": "Circle with Disney\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-33183\uff09"
}

GSD-2017-2915

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2915

Aliases

CVE-2017-2915

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2915",
    "description": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.",
    "id": "GSD-2017-2915"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2915"
      ],
      "details": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.",
      "id": "GSD-2017-2915",
      "modified": "2023-12-13T01:21:05.845331Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2017-10-31T00:00:00",
        "ID": "CVE-2017-2915",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Circle",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware 2.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Circle Media"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 9.0,
          "baseSeverity": "Critical",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-2915"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-13T19:17Z",
      "publishedDate": "2017-11-07T16:29Z"
    }
  }
}

FKIE_CVE-2017-2915

Vulnerability from fkie_nvd - Published: 2017-11-07 16:29 - Updated: 2025-04-20 01:37

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422	Exploit, Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	meetcircle	circle_with_disney_firmware	2.0.1
	meetcircle	circle_with_disney	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "287E642C-D156-4E0E-B8F7-2EFEEDC77E99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9661BDE9-416C-40BF-B65C-E9979F511FF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable en la funcionalidad de configuraci\u00f3n de wifi de Circle with Disney con firmware 2.0.1. Un SSID especialmente manipulado puede provocar que el dispositivo ejecute comandos shell arbitrarios. Un atacante necesita enviar un par de peticiones HTTP y configurar un punto de acceso alcanzable por el dispositivo para desencadenar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2017-2915",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-07T16:29:01.107",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0422"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2915 (GCVE-0-2017-2915)

VAR-201711-0810

GHSA-G562-G36Q-C5HJ

CNVD-2017-33183

GSD-2017-2915

FKIE_CVE-2017-2915

Tags

Sightings

Nomenclature