CVE-2017-12095
MEDIUMCircle with Disney Firmware 2.0.1 - Authentication Bypass via Spoofed De-Auth Packets
Title source: llmDescription
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0447
Scores
CVSS v3
6.5
EPSS
0.0065
EPSS Percentile
46.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-290
Status
published
Products (1)
meetcircle/circle_with_disney_firmware
2.0.1
Published
Apr 05, 2018
Tracked Since
Feb 18, 2026