An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.
References
Link | Resource |
---|---|
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0421 | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2017-10-31T00:00:00
Updated: 2022-04-19T18:24:46
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2914
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-07T16:29:01.077
Modified: 2022-06-13T19:17:17.483
Link: CVE-2017-2914
JSON object: View
Redhat Information
No data.
CWE