CVE-2017-2916
First published: Tue Nov 07 2017(Updated: )
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Meetcircle Circle With Disney Firmware | =2.0.1 | |
| Meetcircle Circle With Disney |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-2916?
CVE-2017-2916 has a medium severity rating, as it allows arbitrary file overwriting through specially crafted network packets.
How do I fix CVE-2017-2916?
To mitigate CVE-2017-2916, update the firmware of Circle with Disney to a version beyond 2.0.1 that addresses this vulnerability.
What software is affected by CVE-2017-2916?
CVE-2017-2916 specifically affects the Circle with Disney firmware version 2.0.1.
Can CVE-2017-2916 be exploited remotely?
Yes, CVE-2017-2916 can be exploited remotely via an HTTP request to the vulnerable API endpoint.
What impact could CVE-2017-2916 have on my system?
The impact of CVE-2017-2916 includes potential unauthorized file overwriting, which can compromise system integrity.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/meetcircle
- canonical/meetcircle circle with disney firmware
- version/meetcircle circle with disney firmware/2.0.1
- canonical/meetcircle circle with disney