ID

VAR-201711-0809


CVE

CVE-2017-2914


TITLE

Authentication vulnerability in Circle with Disney firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009995

DESCRIPTION

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. Circle with Disney firmware contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device by Circle Media of the United States, used to monitor children's online behavior.

Trust: 2.25

sources: NVD: CVE-2017-2914 // JVNDB: JVNDB-2017-009995 // CNVD: CNVD-2017-33241 // VULHUB: VHN-111117

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33241

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33241 // JVNDB: JVNDB-2017-009995 // CNNVD: CNNVD-201711-113 // NVD: CVE-2017-2914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2914
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2914
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2914
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33241
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-113
value: HIGH

Trust: 0.6

VULHUB: VHN-111117
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2914
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33241
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111117
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2914
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2914
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2914
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33241 // VULHUB: VHN-111117 // JVNDB: JVNDB-2017-009995 // CNNVD: CNNVD-201711-113 // NVD: CVE-2017-2914 // NVD: CVE-2017-2914

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-111117 // JVNDB: JVNDB-2017-009995 // NVD: CVE-2017-2914

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-113

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-113

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009995

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Circle with Disney verifies the patch that bypasses the vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/105725

Trust: 0.6

title: Circle with Disney Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190064

Trust: 0.6

sources: CNVD: CNVD-2017-33241 // JVNDB: JVNDB-2017-009995 // CNNVD: CNNVD-201711-113

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0421

Trust: 3.1

db: NVD, id: CVE-2017-2914

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009995

Trust: 0.8

db: CNNVD, id: CNNVD-201711-113

Trust: 0.7

db: CNVD, id: CNVD-2017-33241

Trust: 0.6

db: SEEBUG, id: SSVID-96824

Trust: 0.1

db: VULHUB, id: VHN-111117

Trust: 0.1

sources: CNVD: CNVD-2017-33241 // VULHUB: VHN-111117 // JVNDB: JVNDB-2017-009995 // CNNVD: CNNVD-201711-113 // NVD: CVE-2017-2914

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0421

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2914

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2914

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0421

Trust: 0.6

sources: CNVD: CNVD-2017-33241 // VULHUB: VHN-111117 // JVNDB: JVNDB-2017-009995 // CNNVD: CNNVD-201711-113 // NVD: CVE-2017-2914

CREDITS

Lilith Wyatt and Claudio Bozzato of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-113

SOURCES

db: CNVD, id: CNVD-2017-33241
db: VULHUB, id: VHN-111117
db: JVNDB, id: JVNDB-2017-009995
db: CNNVD, id: CNNVD-201711-113
db: NVD, id: CVE-2017-2914

LAST UPDATE DATE

2025-04-20T23:32:02.291000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33241, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-111117, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009995, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-113, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-2914, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33241, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-111117, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009995, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-113, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-2914, date: 2017-11-07T16:29:01.077