Cisco Talos has disclosed several vulnerabilities identified in Circle with Disney
November 2017 by Cisco Talos
Circle with Disney is a network device designed to monitor the Internet use of children on a given network. Circle pairs wirelessly, with your home Wi-Fi and allows you to manage every device on the network, tablet, TV, or laptop. It can also pair via ethernet after the initial pairing. Using an iOS or Android app, families create unique profiles for every member of the home and from there, help shape each person’s online experience.
Through these exploitable vulnerabilities a malicious attacker could gain various levels of access and privilege, including the ability to alter network traffic, execute arbitrary remote code, inject commands , install unsigned firmware, accept a different certificate than intended, bypass authentication, escalate privileges, reboot the device, install a persistent backdoor, overwrite files, or even completely brick the device.