ID

VAR-201711-0811


CVE

CVE-2017-2916


TITLE

Link interpretation vulnerability in Circle with Disney firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009997

DESCRIPTION

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Circle with Disney contains a link interpretation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device from Circle Media of the United States, used to monitor children's online behavior. A post-link vulnerability exists in the /api/CONFIG/restore feature of Circle with Disney version 2.0.1.

Trust: 2.25

sources: NVD: CVE-2017-2916 // JVNDB: JVNDB-2017-009997 // CNVD: CNVD-2017-33243 // VULHUB: VHN-111119

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33243

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33243 // JVNDB: JVNDB-2017-009997 // CNNVD: CNNVD-201711-110 // NVD: CVE-2017-2916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2916
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2916
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2916
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33243
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-110
value: HIGH

Trust: 0.6

VULHUB: VHN-111119
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2916
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33243
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111119
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2916
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2916
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33243 // VULHUB: VHN-111119 // JVNDB: JVNDB-2017-009997 // CNNVD: CNNVD-201711-110 // NVD: CVE-2017-2916 // NVD: CVE-2017-2916

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-111119 // JVNDB: JVNDB-2017-009997 // NVD: CVE-2017-2916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-110

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201711-110

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009997

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Patch for CirclewithDisney Postlink Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/105721

Trust: 0.6

title: Circle with Disney Post-link vulnerability fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190062

Trust: 0.6

sources: CNVD: CNVD-2017-33243 // JVNDB: JVNDB-2017-009997 // CNNVD: CNNVD-201711-110

EXTERNAL IDS

db: NVD, id: CVE-2017-2916

Trust: 3.1

db: TALOS, id: TALOS-2017-0423

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009997

Trust: 0.8

db: CNNVD, id: CNNVD-201711-110

Trust: 0.7

db: CNVD, id: CNVD-2017-33243

Trust: 0.6

db: SEEBUG, id: SSVID-96814

Trust: 0.1

db: VULHUB, id: VHN-111119

Trust: 0.1

sources: CNVD: CNVD-2017-33243 // VULHUB: VHN-111119 // JVNDB: JVNDB-2017-009997 // CNNVD: CNNVD-201711-110 // NVD: CVE-2017-2916

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0423

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2916

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2916

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0423

Trust: 0.6

sources: CNVD: CNVD-2017-33243 // VULHUB: VHN-111119 // JVNDB: JVNDB-2017-009997 // CNNVD: CNNVD-201711-110 // NVD: CVE-2017-2916

CREDITS

Claudio Bozzato and Lilith Wyatt of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-110

SOURCES

db: CNVD, id: CNVD-2017-33243
db: VULHUB, id: VHN-111119
db: JVNDB, id: JVNDB-2017-009997
db: CNNVD, id: CNNVD-201711-110
db: NVD, id: CVE-2017-2916

LAST UPDATE DATE

2025-04-20T23:03:57.360000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33243, date: 2017-11-09T00:00:00
db: VULHUB, id: VHN-111119, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009997, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-110, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-2916, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33243, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-111119, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009997, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-110, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-2916, date: 2017-11-07T16:29:01.137