CVE-2017-12094

HIGH

Circle with Disney 2.0.1 - OS Command Injection via WiFi SSID Parsing

Title source: llm
STIX 2.1

Description

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0446

Scores

CVSS v3 7.4
EPSS 0.0087
EPSS Percentile 54.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-77
Status published
Products (2)
Circle Media/Circle firmware 2.0.1
meetcircle/circle_with_disney_firmware 2.0.1
Published Nov 07, 2017
Tracked Since Feb 18, 2026