Lucene search
K

4 matches found

seebug.org
seebug.org
added 2017/11/08 12:0 a.m.43 views

Circle with Disney Weak Authentication Vulnerability(CVE-2017-2864)

Summary An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of...

9.1AI score0.01516EPSS
Exploits2
NVD
NVD
added 2017/11/07 4:29 p.m.21 views

CVE-2017-2864

An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets t...

9.8CVSS8.5AI score0.01516EPSS
Exploits2References1
CVE
CVE
added 2017/11/07 4:0 p.m.57 views

CVE-2017-2864

Circle with Disney devices contain CVE-2017-2864 where the authentication token generation is weak, allowing an attacker to trigger authentication bypass by sending crafted requests. The TALOS reports show the vulnerability chain: a GET parameter appid from the user is incorporated into a token f...

9.8CVSS9.3AI score0.01516EPSS
Exploits2References1Affected Software1
Talos
Talos
added 2017/10/31 12:0 a.m.35 views

Circle with Disney Backup API Command Injection Vulnerability

Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. Tested Versions Circle with Disney Product URLs...

9.8CVSS9.3AI score0.01516EPSS
Exploits2
Rows per page
Query Builder