CVE-2017-2884

Summary

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Circle MediaCirclefirmware 2.0.1affected

Weaknesses

  • authentication bypass

ADP Enrichment

CVE Program Container

Additional References

References