ID

VAR-201711-0143


CVE

CVE-2017-12094


TITLE

Circle with Disney command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009987

DESCRIPTION

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this vulnerability. Circle with Disney has a command injection vulnerability. The device may be put into a service operation interruption (DoS) state. Circle with Disney is a network monitoring and management device from Circle Media of the United States, used to monitor children's online behavior. A command injection vulnerability exists in the WiFi Channel parsing in the Circle with Disney 2.0.1 release.

Trust: 2.25

sources: NVD: CVE-2017-12094 // JVNDB: JVNDB-2017-009987 // CNVD: CNVD-2017-33187 // VULHUB: VHN-102582

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33187

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33187 // JVNDB: JVNDB-2017-009987 // CNNVD: CNNVD-201711-105 // NVD: CVE-2017-12094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12094
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12094
value: HIGH

Trust: 1.0

NVD: CVE-2017-12094
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33187
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-105
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102582
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12094
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33187
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102582
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12094
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-12094
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-33187 // VULHUB: VHN-102582 // JVNDB: JVNDB-2017-009987 // CNNVD: CNNVD-201711-105 // NVD: CVE-2017-12094 // NVD: CVE-2017-12094

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-102582 // JVNDB: JVNDB-2017-009987 // NVD: CVE-2017-12094

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-105

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-105

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009987

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Patch for CirclewithDisney Command Injection Vulnerability (CNVD-2017-33187), url: https://www.cnvd.org.cn/patchInfo/show/105676

Trust: 0.6

title: Circle with Disney Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190060

Trust: 0.6

sources: CNVD: CNVD-2017-33187 // JVNDB: JVNDB-2017-009987 // CNNVD: CNNVD-201711-105

EXTERNAL IDS

db: NVD, id: CVE-2017-12094

Trust: 3.1

db: TALOS, id: TALOS-2017-0446

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009987

Trust: 0.8

db: CNNVD, id: CNNVD-201711-105

Trust: 0.7

db: CNVD, id: CNVD-2017-33187

Trust: 0.6

db: SEEBUG, id: SSVID-96815

Trust: 0.1

db: VULHUB, id: VHN-102582

Trust: 0.1

sources: CNVD: CNVD-2017-33187 // VULHUB: VHN-102582 // JVNDB: JVNDB-2017-009987 // CNNVD: CNNVD-201711-105 // NVD: CVE-2017-12094

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0446

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12094

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12094

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0446

Trust: 0.6

sources: CNVD: CNVD-2017-33187 // VULHUB: VHN-102582 // JVNDB: JVNDB-2017-009987 // CNNVD: CNNVD-201711-105 // NVD: CVE-2017-12094

CREDITS

Claudio Bozzato and Lilith Wyatt of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-105

SOURCES

db: CNVD, id: CNVD-2017-33187
db: VULHUB, id: VHN-102582
db: JVNDB, id: JVNDB-2017-009987
db: CNNVD, id: CNNVD-201711-105
db: NVD, id: CVE-2017-12094

LAST UPDATE DATE

2025-04-20T23:12:45.962000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33187, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-102582, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009987, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-105, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-12094, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33187, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-102582, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009987, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-105, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-12094, date: 2017-11-07T16:29:00.327