CVE-2017-12084 — HIGH (8.0)

Vulnerability Description

A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.

CVSS Score

8.0

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Meetcircle	Circle With Disney Firmware	2.0.1
Meetcircle	Circle With Disney	-

Related Weaknesses (CWE)

CWE-862

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0436ExploitTechnical DescriptionThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0436ExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-12084?

CVE-2017-12084 is a vulnerability with a CVSS score of 8.0 (HIGH). A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resultin...

How severe is CVE-2017-12084?

CVE-2017-12084 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12084?

Check the references section above for vendor advisories and patch information. Affected products include: Meetcircle Circle With Disney Firmware, Meetcircle Circle With Disney.