4 matches found
Circle with Disney Weak Authentication Vulnerability(CVE-2017-2864)
Summary An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of...
CVE-2017-2864
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets t...
CVE-2017-2864
Circle with Disney devices contain CVE-2017-2864 where the authentication token generation is weak, allowing an attacker to trigger authentication bypass by sending crafted requests. The TALOS reports show the vulnerability chain: a GET parameter appid from the user is incorporated into a token f...
Circle with Disney Backup API Command Injection Vulnerability
Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...