CVE-2017-2882

🗓️ 07 Nov 2017 16:00:00Reported by talosType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 61 Views🌐 WEB

An exploitable vulnerability in Circle with Disney firmware 2.0.1 allows code execution via crafted network packets

Reporter	Title	Published	Views	Family All 9
CNVD	Circle with Disney Remote Code Execution Vulnerability	2 Nov 201700:00	–	cnvd
Cvelist	CVE-2017-2882	7 Nov 201716:00	–	cvelist
EUVD	EUVD-2017-12023	7 Oct 202500:30	–	euvd
NVD	CVE-2017-2882	7 Nov 201716:29	–	nvd
OSV	CVE-2017-2882	7 Nov 201716:29	–	osv
Prion	Design/Logic Flaw	7 Nov 201716:29	–	prion
seebug.org	Circle with Disney check_circleservers Code Execution Vulnerability(CVE-2017-2882)	8 Nov 201700:00	–	seebug
Talos	Circle with Disney check_circleservers Code Execution Vulnerability	31 Oct 201700:00	–	talos
Talos Blog	Vulnerability Spotlight: The Circle of a Bug’s Life	31 Oct 201712:04	–	talosblog

NVD

Vulners

Node

meetcircle circle_with_disney_firmwareMatch2.0.1

AND

meetcircle circle_with_disneyMatch-

[
  {
    "product": "Circle",
    "vendor": "Circle Media",
    "versions": [
      {
        "status": "affected",
        "version": "firmware 2.0.1"
      }
    ]
  }
]

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2017-0389

Parameter	Position	Path	Description	CWE
DEVID	query param	dev/firmware/get_circleservers.php	Unauthenticated HTTP request to the update endpoint delivers encrypted content that is decrypted/extracted in /tmp, enabling an attacker to overwrite arbitrary files via the downloaded tar archive.	CWE-73
VER	query param	dev/firmware/get_circleservers.php	Unauthenticated HTTP request to the update endpoint delivers encrypted content that is decrypted/extracted in /tmp, enabling an attacker to overwrite arbitrary files via the downloaded tar archive.	CWE-73

17 Jun 2026 01:17Current

8.1High risk

Vulners AI Score8.1

CVSS 26.8

CVSS 3.18.1

CVSS 39

EPSS0.02024