Описание
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00392
Низкий
8 High
CVSS3
6.6 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.6
github
больше 3 лет назад
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.
EPSS
Процентиль: 60%
0.00392
Низкий
8 High
CVSS3
6.6 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-862