CVE-2017-2916

Exploit

EPSS 0.48%
Veröffentlicht 07.11.2017 16:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Meetcircle ≫ Circle With Disney Firmware Version2.0.1

Meetcircle ≫ Circle With Disney Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.644

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C
talos-cna@cisco.com	9.9	3.1	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0423

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2017-2916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2916

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-2916