CVE-2017-2912

Summary

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Circle MediaCirclefirmware 2.0.1affected

Weaknesses

  • authentication bypass

ADP Enrichment

CVE Program Container

Additional References

References