Arbitrary Command Execution Vulnerability in Circle with Disney Firmware 2.0.1

Arbitrary Command Execution Vulnerability in Circle with Disney Firmware 2.0.1

CVE-2017-12094 · MEDIUM Severity

AV:A/AC:L/AU:N/C:N/I:N/A:C

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.