5 matches found
CVE-2017-12083
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...
CVE-2017-2889
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs...
Information disclosure
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...
CVE-2017-12083
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the...
CVE-2017-12083
CVE-2017-12083 affects the Circle with Disney apid daemon (firmware 2.0.1). A crafted HTTP request triggers a use-after-free via unsafe handling of HTTP header pointers and realloc-based growth of request buffers, enabling information disclosure from the internal database. The vulnerability hinge...