3 matches found
Circle with Disney Rclient SSL TLD MITM Vulnerability(CVE-2017-2911)
Summary An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
CVE-2017-2911
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate...
CVE-2017-2911
CVE-2017-2911 : Circle with Disney devices (firmware 2.0.1) expose a remote-control SSL validation flaw in rclient. The binary extracts the server certificate subject (X509_NAME_oneline) and prints it; a partial CN check against CN=*.meetcircle.com is performed via strstr, allowing an attacker to...