Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)

Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...