CVE-2017-2890

HIGH

Circle with Disney 2.0.1 - OS Command Injection via /api/CONFIG/restore


Description

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.

Scores

CVSS v3: 8.8
EPSS: 0.0263
EPSS Percentile: 83.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (2):
Circle Media/Circle firmware 2.0.1
meetcircle/circle_with_disney_firmware 2.0.1
Published: Nov 07, 2017
Tracked Since: Feb 18, 2026