CVE-2017-2865

Summary

An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Circle MediaCirclefirmware 2.0.1affected

Weaknesses

  • command injection

ADP Enrichment

CVE Program Container

Additional References

References