CVE-2017-2911

Severity CVSS v4.0:
Pending analysis
Type:
CWE-297 Improper Validation of Certificate with Host Mismatch
Publication date:
07/11/2017
Last modified:
20/04/2025

Description

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*