OS Command Injection in Circle with Disney Firmware 2.0.1 via /api/CONFIG/restore Endpoint

CVE-2017-2890 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
