ID
VAR-201711-0790
CVE
CVE-2017-2866
TITLE
Circle with Disney In OS Command injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2017-009920
DESCRIPTION
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Circle with Disney Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior
Trust: 2.25
sources:
NVD: CVE-2017-2866 //
JVNDB: JVNDB-2017-009920 //
CNVD: CNVD-2017-32884 //
VULHUB: VHN-111069
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-32884
AFFECTED PRODUCTS
| vendor: | meetcircle | model: | circle with disney | scope: | eq | version: | 2.0.1 | Trust: 1.6 |
| vendor: | circle media | model: | with disney | scope: | - | version: | - | Trust: 0.8 |
| vendor: | circle | model: | media circle with disney | scope: | eq | version: | 2.0.1 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-32884 //
JVNDB: JVNDB-2017-009920 //
CNNVD: CNNVD-201711-111 //
NVD: CVE-2017-2866
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-32884 //
VULHUB: VHN-111069 //
JVNDB: JVNDB-2017-009920 //
CNNVD: CNNVD-201711-111 //
NVD: CVE-2017-2866 //
NVD: CVE-2017-2866
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.9 |
sources:
VULHUB: VHN-111069 //
JVNDB: JVNDB-2017-009920 //
NVD: CVE-2017-2866
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201711-111
TYPE
operating system commend injection
Trust: 0.6
sources:
CNNVD: CNNVD-201711-111
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-009920
PATCH
| title: | Top Page | url: | https://meetcircle.com/circle/ | Trust: 0.8 |
| title: | Patch for CirclewithDisney Command Injection Vulnerability (CNVD-2017-32884) | url: | https://www.cnvd.org.cn/patchInfo/show/105482 | Trust: 0.6 |
| title: | Circle with Disney Fixes for command injection vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76092 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-32884 //
JVNDB: JVNDB-2017-009920 //
CNNVD: CNNVD-201711-111
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-2866 | Trust: 3.1 |
| db: | TALOS | id: | TALOS-2017-0372 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2017-009920 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201711-111 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-32884 | Trust: 0.6 |
| db: | SEEBUG | id: | SSVID-96819 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-111069 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-32884 //
VULHUB: VHN-111069 //
JVNDB: JVNDB-2017-009920 //
CNNVD: CNNVD-201711-111 //
NVD: CVE-2017-2866
REFERENCES
| url: | https://www.talosintelligence.com/vulnerability_reports/talos-2017-0372 | Trust: 2.5 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2866 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-2866 | Trust: 0.8 |
| url: | https://talosintelligence.com/vulnerability_reports/talos-2017-0372 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-32884 //
VULHUB: VHN-111069 //
JVNDB: JVNDB-2017-009920 //
CNNVD: CNNVD-201711-111 //
NVD: CVE-2017-2866
CREDITS
Yves Younan, Cory Duplantis,Marcin 'Icewall' Noga, Claudio Bozzato, and Richard Johnson Cisco Talos, Aleksandar Nikolic, Lilith Wyatt <(^_^)>
Trust: 0.6
sources:
CNNVD: CNNVD-201711-111
SOURCES
| db: | CNVD | id: | CNVD-2017-32884 |
| db: | VULHUB | id: | VHN-111069 |
| db: | JVNDB | id: | JVNDB-2017-009920 |
| db: | CNNVD | id: | CNNVD-201711-111 |
| db: | NVD | id: | CVE-2017-2866 |
LAST UPDATE DATE
2025-04-20T23:03:57.391000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-32884 | date: | 2017-11-07T00:00:00 |
| db: | VULHUB | id: | VHN-111069 | date: | 2017-11-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009920 | date: | 2017-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-111 | date: | 2022-04-20T00:00:00 |
| db: | NVD | id: | CVE-2017-2866 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-32884 | date: | 2017-11-07T00:00:00 |
| db: | VULHUB | id: | VHN-111069 | date: | 2017-11-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-009920 | date: | 2017-11-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-111 | date: | 2017-10-31T00:00:00 |
| db: | NVD | id: | CVE-2017-2866 | date: | 2017-11-07T16:29:00.467 |