CVE-2017-2890

CRITICAL
9.9
CVSS 3.0
Description
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Metadata

CVE ID
CVE-2017-2890
State
PUBLISHED
Assigner
talos
Reserved
2016-12-01 00:00 UTC
Published
2017-11-07 16:00 UTC
Last updated
2024-09-16 16:28 UTC
Vendor / Product
Circle Media / Circle
Sources
cve.org  ·  NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products (1)
Vendor | Product | Platform | Versions
Circle Media | Circle | | firmware 2.0.1
Weakness (CWE)
CWE | Source | Description
 | cna | command injection
CVSS scores (1)
Score | Severity | Version | Source | Vector
9.9 | CRITICAL | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H