CVE-2017-2911
Severity CVSS v4.0:
Pending analysis
Type:
CWE-297
Improper Validation of Certificate with Host Mismatch
Publication date:
07/11/2017
Last modified:
20/04/2025
Description
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page