PT-2017-12344 · Disney · Circle With Disney

Published

2017-11-07

Updated

2022-04-19

CVE-2017-12083

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Circle with Disney version 2.0.1

Description An information disclosure issue exists in the apid daemon, where a specially crafted set of packets can cause the device to dump internal database strings into an HTTP response. This can be triggered by an attacker with network connectivity to the Internet.

Recommendations For Circle with Disney version 2.0.1, consider restricting access to the apid daemon until a patch is available. As a temporary workaround, limit network connectivity to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-12083

Affected Products

Circle With Disney

PT-2017-12344 · Disney · Circle With Disney

CVE-2017-12083

Weakness Enumeration

Related Identifiers

Affected Products

References · 3