2 matches found
CVE-2017-12095
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this...
CVE-2017-12095
The CVE-2017-12095 entry concerns Circle with Disney firmware 2.0.1 where the WiFi Access Point can be forced to become an AP with a default credential set. Talos details show exploitation via a de-auth packet sequence to trigger circle_ap.sh up, which launches hostapd with a fixed SSID Circle-, ...