PT-2017-12348 · Disney · Circle With Disney

Publicado

2017-11-07

Atualizado

2022-04-19

CVE-2017-12094

CVSS v3.1

7.4

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Circle with Disney version 2.0.1

Description A vulnerability exists in the WiFi Channel parsing of the device. It can be exploited by a specially crafted SSID, which can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this issue.

Recommendations For version 2.0.1, consider restricting access to the device's WiFi capabilities until a patch is available. As a temporary workaround, avoid connecting the device to untrusted or unknown access points to minimize the risk of exploitation.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2017-12094

Produtos afetados

Circle With Disney

PT-2017-12348 · Disney · Circle With Disney

CVE-2017-12094

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3