Sign-up

ID

VAR-201711-0791


CVE

CVE-2017-2881


TITLE

Circle with Disney Input vulnerability in Windows firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009921

DESCRIPTION

An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. Circle with Disney Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Trust: 2.25

sources: NVD: CVE-2017-2881 // JVNDB: JVNDB-2017-009921 // CNVD: CNVD-2017-33178 // VULHUB: VHN-111084

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33178

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope:eqversion:2.0.1

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33178 // JVNDB: JVNDB-2017-009921 // CNNVD: CNNVD-201711-101 // NVD: CVE-2017-2881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2881
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2881
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2881
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33178
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-101
value: HIGH

Trust: 0.6

VULHUB: VHN-111084
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2881
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33178
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111084
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2881
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2881
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2881
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33178 // VULHUB: VHN-111084 // JVNDB: JVNDB-2017-009921 // CNNVD: CNNVD-201711-101 // NVD: CVE-2017-2881 // NVD: CVE-2017-2881

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-111084 // JVNDB: JVNDB-2017-009921 // NVD: CVE-2017-2881

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-101

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-101

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009921

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:Patch for CirclewithDisney Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105660
Trust: 0.6
title:Circle with Disney Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190057
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33178 // 
            
            
            
            JVNDB: JVNDB-2017-009921 // 
            
            
            
            CNNVD: CNNVD-201711-101

EXTERNAL IDS
db:NVDid:CVE-2017-2881
Trust: 3.1
db:TALOSid:TALOS-2017-0388
Trust: 3.1
db:JVNDBid:JVNDB-2017-009921
Trust: 0.8
db:CNNVDid:CNNVD-201711-101
Trust: 0.7
db:CNVDid:CNVD-2017-33178
Trust: 0.6
db:SEEBUGid:SSVID-96820
Trust: 0.1
db:VULHUBid:VHN-111084
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33178 // 
            
            
            
            VULHUB: VHN-111084 // 
            
            
            
            JVNDB: JVNDB-2017-009921 // 
            
            
            
            CNNVD: CNNVD-201711-101 // 
            
            
            
            NVD: CVE-2017-2881

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0388
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2881
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2881
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0388
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33178 // 
            
            
            
            VULHUB: VHN-111084 // 
            
            
            
            JVNDB: JVNDB-2017-009921 // 
            
            
            
            CNNVD: CNNVD-201711-101 // 
            
            
            
            NVD: CVE-2017-2881

CREDITS
Claudio Bozzato and Lilith Wyatt of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-101

SOURCES
db:CNVDid:CNVD-2017-33178
db:VULHUBid:VHN-111084
db:JVNDBid:JVNDB-2017-009921
db:CNNVDid:CNNVD-201711-101
db:NVDid:CVE-2017-2881

LAST UPDATE DATE
2025-04-20T23:19:43.595000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33178date:2017-11-08T00:00:00
db:VULHUBid:VHN-111084date:2017-11-27T00:00:00
db:JVNDBid:JVNDB-2017-009921date:2017-11-28T00:00:00
db:CNNVDid:CNNVD-201711-101date:2022-06-06T00:00:00
db:NVDid:CVE-2017-2881date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33178date:2017-11-08T00:00:00
db:VULHUBid:VHN-111084date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009921date:2017-11-28T00:00:00
db:CNNVDid:CNNVD-201711-101date:2017-10-31T00:00:00
db:NVDid:CVE-2017-2881date:2017-11-07T16:29:00.497