Sign-up

ID

VAR-201711-0793


CVE

CVE-2017-2883


TITLE

Circle with Disney , Authorization, Access Control Vulnerabilities in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009923

DESCRIPTION

An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. Circle with Disney Contains firmware, authorization, authority, and access control vulnerabilities.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Trust: 2.25

sources: NVD: CVE-2017-2883 // JVNDB: JVNDB-2017-009923 // CNVD: CNVD-2017-33180 // VULHUB: VHN-111086

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33180

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope:eqversion:2.0.1

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33180 // JVNDB: JVNDB-2017-009923 // CNNVD: CNNVD-201711-109 // NVD: CVE-2017-2883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2883
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2883
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2883
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33180
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-109
value: HIGH

Trust: 0.6

VULHUB: VHN-111086
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2883
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33180
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111086
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2883
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2883
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2883
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33180 // VULHUB: VHN-111086 // JVNDB: JVNDB-2017-009923 // CNNVD: CNNVD-201711-109 // NVD: CVE-2017-2883 // NVD: CVE-2017-2883

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-111086 // JVNDB: JVNDB-2017-009923 // NVD: CVE-2017-2883

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-109

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-109

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009923

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:Patch for CirclewithDisney Remote Code Execution Vulnerability (CNVD-2017-33180)url:https://www.cnvd.org.cn/patchInfo/show/105675
Trust: 0.6
title:Circle with Disney Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100152
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33180 // 
            
            
            
            JVNDB: JVNDB-2017-009923 // 
            
            
            
            CNNVD: CNNVD-201711-109

EXTERNAL IDS
db:TALOSid:TALOS-2017-0390
Trust: 3.1
db:NVDid:CVE-2017-2883
Trust: 3.1
db:JVNDBid:JVNDB-2017-009923
Trust: 0.8
db:CNNVDid:CNNVD-201711-109
Trust: 0.7
db:CNVDid:CNVD-2017-33180
Trust: 0.6
db:SEEBUGid:SSVID-96810
Trust: 0.1
db:VULHUBid:VHN-111086
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33180 // 
            
            
            
            VULHUB: VHN-111086 // 
            
            
            
            JVNDB: JVNDB-2017-009923 // 
            
            
            
            CNNVD: CNNVD-201711-109 // 
            
            
            
            NVD: CVE-2017-2883

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0390
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2883
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2883
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0390
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33180 // 
            
            
            
            VULHUB: VHN-111086 // 
            
            
            
            JVNDB: JVNDB-2017-009923 // 
            
            
            
            CNNVD: CNNVD-201711-109 // 
            
            
            
            NVD: CVE-2017-2883

CREDITS
Claudio Bozzato and Lilith Wyatt of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-109

SOURCES
db:CNVDid:CNVD-2017-33180
db:VULHUBid:VHN-111086
db:JVNDBid:JVNDB-2017-009923
db:CNNVDid:CNNVD-201711-109
db:NVDid:CVE-2017-2883

LAST UPDATE DATE
2025-04-20T23:27:14.585000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33180date:2017-11-08T00:00:00
db:VULHUBid:VHN-111086date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-009923date:2017-11-28T00:00:00
db:CNNVDid:CNNVD-201711-109date:2022-04-20T00:00:00
db:NVDid:CVE-2017-2883date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33180date:2017-11-08T00:00:00
db:VULHUBid:VHN-111086date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009923date:2017-11-28T00:00:00
db:CNNVDid:CNNVD-201711-109date:2017-10-31T00:00:00
db:NVDid:CVE-2017-2883date:2017-11-07T16:29:00.577