2 matches found
Circle with Disney Apid Strstr Authentication Bypass Vulnerability (CVE-2017-2914)
Summary: An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...
CVE-2017-2914
CVE-2017-2914: Authentication bypass in Circle with Disney 2.0.1 APID daemon. A crafted token can bypass authentication, granting admin access over the network. Talos reports the bypass arises from token handling in the app_list flow, leaking appid and enabling bypass; a 0x2d token length condit...