Description
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448
Scores
CVSS v3
6.5
EPSS
0.0068
EPSS Percentile
47.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-290
Status
published
Products (2)
Circle Media/Circle
firmware 2.0.1
meetcircle/circle_with_disney_firmware
2.0.1
Published
Nov 07, 2017
Tracked Since
Feb 18, 2026