An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.
References
Link | Resource |
---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0397 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2017-10-31T00:00:00
Updated: 2022-04-19T18:24:17
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2890
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-07T16:29:00.670
Modified: 2022-06-03T19:04:02.377
Link: CVE-2017-2890
JSON object: View
Redhat Information
No data.
CWE