CVE-2017-2912

Опубликовано: 07 нояб. 2017

Источник: nvd

CVSS3: 7.4

CVSS3: 5.9

CVSS2: 2.6

EPSS Низкий

Описание

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Ссылки

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419
Exploit
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*

cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

7.4 High

CVSS3

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-297

Связанные уязвимости

GHSA-4g7p-5pq3-g6vh

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 34%

0.00136

Низкий

7.4 High

CVSS3

5.9 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-297