Circle with Disney Firmware 2.0.1 - OS Command Injection via Notifications

Circle with Disney Firmware 2.0.1 - OS Command Injection via Notifications

CVE-2017-2917 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Learn more about our Network Penetration Testing.