CVEs-PoC/2017/CVE-2017-2916.md

### [CVE-2017-2916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2916)
![](https://img.shields.io/static/v1?label=Product&message=Circle&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=firmware%202.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=arbitrary%20code%20execution&color=brightgreen)

### Description

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.

### POC

#### Reference
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0423

#### Github
No PoCs found on GitHub currently.