ID

VAR-201711-0140


CVE

CVE-2017-12083


TITLE

Circle with Disney Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-33242 // CNNVD: CNNVD-201711-112

DESCRIPTION

An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. Circle with Disney is a network monitoring and management device used by Circle Media of the United States to monitor children's online behavior.

Trust: 2.25

sources: NVD: CVE-2017-12083 // JVNDB: JVNDB-2017-009984 // CNVD: CNVD-2017-33242 // VULHUB: VHN-102570

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33242

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33242 // JVNDB: JVNDB-2017-009984 // CNNVD: CNNVD-201711-112 // NVD: CVE-2017-12083

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12083
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12083
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12083
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33242
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-112
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102570
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12083
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33242
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102570
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12083
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-12083
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-33242 // VULHUB: VHN-102570 // JVNDB: JVNDB-2017-009984 // CNNVD: CNNVD-201711-112 // NVD: CVE-2017-12083 // NVD: CVE-2017-12083

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-102570 // JVNDB: JVNDB-2017-009984 // NVD: CVE-2017-12083

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-112

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009984

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: CirclewithDisney Information Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/105723

Trust: 0.6

title: Circle with Disney Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190063

Trust: 0.6

sources: CNVD: CNVD-2017-33242 // JVNDB: JVNDB-2017-009984 // CNNVD: CNNVD-201711-112

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0435

Trust: 3.1

db: NVD, id: CVE-2017-12083

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009984

Trust: 0.8

db: CNNVD, id: CNNVD-201711-112

Trust: 0.7

db: CNVD, id: CNVD-2017-33242

Trust: 0.6

db: SEEBUG, id: SSVID-96823

Trust: 0.1

db: VULHUB, id: VHN-102570

Trust: 0.1

sources: CNVD: CNVD-2017-33242 // VULHUB: VHN-102570 // JVNDB: JVNDB-2017-009984 // CNNVD: CNNVD-201711-112 // NVD: CVE-2017-12083

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0435

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12083

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12083

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0435

Trust: 0.6

sources: CNVD: CNVD-2017-33242 // VULHUB: VHN-102570 // JVNDB: JVNDB-2017-009984 // CNNVD: CNNVD-201711-112 // NVD: CVE-2017-12083

CREDITS

Lilith Wyatt and Claudio Bozzato of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-112

SOURCES

db: CNVD, id: CNVD-2017-33242
db: VULHUB, id: VHN-102570
db: JVNDB, id: JVNDB-2017-009984
db: CNNVD, id: CNNVD-201711-112
db: NVD, id: CVE-2017-12083

LAST UPDATE DATE

2025-04-20T23:29:32.205000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33242, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-102570, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009984, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-112, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-12083, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33242, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-102570, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009984, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-112, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-12083, date: 2017-11-07T16:29:00.217