CVE-2017-2898: Race Condition
First published: Tue Nov 07 2017(Updated: )
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Meetcircle Circle With Disney Firmware | =2.0.1 | |
| Meetcircle Circle With Disney |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-2898?
CVE-2017-2898 has been classified as a critical vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2017-2898?
To fix CVE-2017-2898, ensure you update the Circle with Disney device firmware to the latest version provided by Meetcircle.
Who is affected by CVE-2017-2898?
Users of Circle with Disney firmware version 2.0.1 are specifically affected by CVE-2017-2898.
What kind of attack can be performed using CVE-2017-2898?
An attacker can exploit CVE-2017-2898 by sending specially crafted network packets to install unsigned firmware and execute arbitrary code.
Is there a workaround for CVE-2017-2898?
There is no documented workaround for CVE-2017-2898; applying firmware updates is the recommended action.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/tags
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/meetcircle
- canonical/meetcircle circle with disney firmware
- version/meetcircle circle with disney firmware/2.0.1
- canonical/meetcircle circle with disney