Filtered by vendor Meetcircle
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2913 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-13 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2017-2911 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-13 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2017-2912 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-13 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2017-12096 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2019-10-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. | |||||
| CVE-2017-12095 | 1 Meetcircle | 1 Circle With Disney Firmware | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. | |||||
| CVE-2017-12084 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2019-10-03 | 6.0 MEDIUM | 6.6 MEDIUM |
| A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. | |||||
| CVE-2017-12094 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2017-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability. | |||||
| CVE-2017-12083 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2017-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | |||||