CVE-2017-2916

CVSS 9.9 CRITICALEPSS 2.3%

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Circle Media · Circle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0423