CVE-2017-2912

Published: Nov 7, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Affected (1)

Products: Meetcircle: Circle With Disney Firmware

1 product

Circle With Disney Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Meetcircle Circle With Disney Firmware	Version 2.0.1

Running on/with	Platform Versions
Meetcircle Circle With Disney	All versions

Related CWEs

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0419

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.