Vulnerabilities > Securifi > Almond 2015

DATE | CVE | VULNERABILITY TITLE | RISK

2015-09-21 | CVE-2015-7296 | Unspecified vulnerability in Securifi Almond-2015 Firmware and Almond Firmware | 4.3
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.
network, securifi

2015-09-21 | CVE-2015-2917 | Improper Input Validation vulnerability in Securifi Almond-2015 Firmware and Almond Firmware | 4.3
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.
network, securifi, CWE-20

2015-09-21 | CVE-2015-2916 | Cross-Site Request Forgery (CSRF) vulnerability in Securifi Almond-2015 Firmware and Almond Firmware | 6.8
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
network, securifi, CWE-352

2015-09-21 | CVE-2015-2915 | Credentials Management vulnerability in Securifi Almond-2015 Firmware and Almond Firmware | 7.3
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.
low complexity, securifi, CWE-255

2015-09-21 | CVE-2015-2914 | Unspecified vulnerability in Securifi Almond-2015 Firmware and Almond Firmware | 5.0
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.
network, low complexity, securifi