CVE-2017-2911

Опубликовано: 07 нояб. 2017

Источник: nvd

CVSS3: 9

CVSS3: 5.9

CVSS2: 2.6

EPSS Низкий

Описание

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Ссылки

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0418
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0418
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*

cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00195

Низкий

9 Critical

CVSS3

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-297

Связанные уязвимости

GHSA-8q5c-2fv2-m4f5

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 41%

0.00195

Низкий

9 Critical

CVSS3

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-297