CVE-2017-12096

Published: Nov 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.

Affected (1)

Products: Meetcircle: Circle With Disney Firmware

1 product

Circle With Disney Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Meetcircle Circle With Disney Firmware	Version 2.0.1

Running on/with	Platform Versions
Meetcircle Circle With Disney	All versions

Related CWEs

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.