ID

VAR-201711-0804


CVE

CVE-2017-2898


TITLE

Race condition vulnerability in Circle with Disney firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009994

DESCRIPTION

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. The Circle with Disney firmware contains a race condition vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device used by Circle Media of the United States to monitor children's online behavior.

Trust: 2.25

sources: NVD: CVE-2017-2898 // JVNDB: JVNDB-2017-009994 // CNVD: CNVD-2017-32883 // VULHUB: VHN-111101

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32883

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: -, version: -

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-32883 // JVNDB: JVNDB-2017-009994 // CNNVD: CNNVD-201711-116 // NVD: CVE-2017-2898

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-2898
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2898
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2898
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32883
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-116
value: HIGH

Trust: 0.6

VULHUB: VHN-111101
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-2898
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32883
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111101
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-2898
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2898
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2898
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-32883 // VULHUB: VHN-111101 // JVNDB: JVNDB-2017-009994 // CNNVD: CNNVD-201711-116 // NVD: CVE-2017-2898 // NVD: CVE-2017-2898

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-111101 // JVNDB: JVNDB-2017-009994 // NVD: CVE-2017-2898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-116

TYPE

race condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009994

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Circle with Disney security bypass vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/105486

Trust: 0.6

title: Circle with Disney Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76094

Trust: 0.6

sources: CNVD: CNVD-2017-32883 // JVNDB: JVNDB-2017-009994 // CNNVD: CNNVD-201711-116

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0405

Trust: 3.1

db: NVD, id: CVE-2017-2898

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009994

Trust: 0.8

db: CNNVD, id: CNNVD-201711-116

Trust: 0.7

db: CNVD, id: CNVD-2017-32883

Trust: 0.6

db: SEEBUG, id: SSVID-96825

Trust: 0.1

db: VULHUB, id: VHN-111101

Trust: 0.1

sources: CNVD: CNVD-2017-32883 // VULHUB: VHN-111101 // JVNDB: JVNDB-2017-009994 // CNNVD: CNNVD-201711-116 // NVD: CVE-2017-2898

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0405

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2898

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2898

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0405

Trust: 0.6

sources: CNVD: CNVD-2017-32883 // VULHUB: VHN-111101 // JVNDB: JVNDB-2017-009994 // CNNVD: CNNVD-201711-116 // NVD: CVE-2017-2898

CREDITS

Claudio Bozzato and Lilith Wyatt of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-116

SOURCES

db: CNVD, id: CNVD-2017-32883
db: VULHUB, id: VHN-111101
db: JVNDB, id: JVNDB-2017-009994
db: CNNVD, id: CNNVD-201711-116
db: NVD, id: CVE-2017-2898

LAST UPDATE DATE

2025-04-20T23:12:44.778000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32883, date: 2017-11-07T00:00:00
db: VULHUB, id: VHN-111101, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009994, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-116, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-2898, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32883, date: 2017-11-07T00:00:00
db: VULHUB, id: VHN-111101, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009994, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-116, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-2898, date: 2017-11-07T16:29:00.873