ID

VAR-201711-0792


CVE

CVE-2017-2882


TITLE

Input validation vulnerabilities in Circle with Disney firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009922

DESCRIPTION

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. Circle with Disney contains a vulnerability related to input validation. Information may be obtained or altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device used by Circle Media of the United States to monitor children's online behavior.

Trust: 2.25

sources: NVD: CVE-2017-2882 // JVNDB: JVNDB-2017-009922 // CNVD: CNVD-2017-33179 // VULHUB: VHN-111085

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33179

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33179 // JVNDB: JVNDB-2017-009922 // CNNVD: CNNVD-201711-100 // NVD: CVE-2017-2882

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2882
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2882
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2882
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33179
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-100
value: HIGH

Trust: 0.6

VULHUB: VHN-111085
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2882
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33179
severity: MEDIUM
baseScore: 6.6
vectorString: AV:N/AC:H/AU:S/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111085
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2882
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2882
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2882
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33179 // VULHUB: VHN-111085 // JVNDB: JVNDB-2017-009922 // CNNVD: CNNVD-201711-100 // NVD: CVE-2017-2882 // NVD: CVE-2017-2882

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-20

Trust: 0.9

sources: VULHUB: VHN-111085 // JVNDB: JVNDB-2017-009922 // NVD: CVE-2017-2882

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-100

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009922

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Patch for Circle with Disney Remote Code Execution Vulnerability (CNVD-2017-33179), url: https://www.cnvd.org.cn/patchInfo/show/105659

Trust: 0.6

title: Circle with Disney Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190056

Trust: 0.6

sources: CNVD: CNVD-2017-33179 // JVNDB: JVNDB-2017-009922 // CNNVD: CNNVD-201711-100

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0389

Trust: 3.1

db: NVD, id: CVE-2017-2882

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009922

Trust: 0.8

db: CNNVD, id: CNNVD-201711-100

Trust: 0.7

db: CNVD, id: CNVD-2017-33179

Trust: 0.6

db: SEEBUG, id: SSVID-96821

Trust: 0.1

db: VULHUB, id: VHN-111085

Trust: 0.1

sources: CNVD: CNVD-2017-33179 // VULHUB: VHN-111085 // JVNDB: JVNDB-2017-009922 // CNNVD: CNNVD-201711-100 // NVD: CVE-2017-2882

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0389

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2882

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2882

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0389

Trust: 0.6

sources: CNVD: CNVD-2017-33179 // VULHUB: VHN-111085 // JVNDB: JVNDB-2017-009922 // CNNVD: CNNVD-201711-100 // NVD: CVE-2017-2882

CREDITS

Claudio Bozzato and Lilith Wyatt of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-100

SOURCES

db: CNVD, id: CNVD-2017-33179
db: VULHUB, id: VHN-111085
db: JVNDB, id: JVNDB-2017-009922
db: CNNVD, id: CNNVD-201711-100
db: NVD, id: CVE-2017-2882

LAST UPDATE DATE

2025-04-20T23:23:33.190000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33179, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-111085, date: 2017-11-27T00:00:00
db: JVNDB, id: JVNDB-2017-009922, date: 2017-11-28T00:00:00
db: CNNVD, id: CNNVD-201711-100, date: 2022-06-06T00:00:00
db: NVD, id: CVE-2017-2882, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33179, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-111085, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009922, date: 2017-11-28T00:00:00
db: CNNVD, id: CNNVD-201711-100, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-2882, date: 2017-11-07T16:29:00.543