CVE-2017-2917: OS Command Injection
First published: Tue Nov 07 2017(Updated: )
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Meetcircle Circle With Disney Firmware | =2.0.1 | |
| Meetcircle Circle With Disney |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-2917?
CVE-2017-2917 is classified as a critical vulnerability due to its potential for OS command injection.
How do I fix CVE-2017-2917?
To mitigate CVE-2017-2917, users should upgrade to a patched version of the Circle with Disney firmware.
What systems are affected by CVE-2017-2917?
CVE-2017-2917 affects the Circle with Disney firmware version 2.0.1.
What type of attack does CVE-2017-2917 enable?
CVE-2017-2917 enables an OS command injection attack via specially crafted network packets.
Can CVE-2017-2917 be exploited remotely?
Yes, CVE-2017-2917 can be exploited remotely by sending an HTTP request to the vulnerable device.
- collector/nvd-index
- agent/author
- agent/type
- agent/event
- vendor/meetcircle
- canonical/meetcircle circle with disney firmware
- version/meetcircle circle with disney firmware/2.0.1
- canonical/meetcircle circle with disney