Vulnerabilities > Securifi > Almond Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-21 | CVE-2015-7296 | Unspecified vulnerability in Securifi Almond-2015 Firmware and Almond Firmware Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. network securifi | 4.3 |
| 2015-09-21 | CVE-2015-2917 | Improper Input Validation vulnerability in Securifi Almond-2015 Firmware and Almond Firmware Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. | 4.3 |
| 2015-09-21 | CVE-2015-2916 | Cross-Site Request Forgery (CSRF) vulnerability in Securifi Almond-2015 Firmware and Almond Firmware Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-09-21 | CVE-2015-2915 | Credentials Management vulnerability in Securifi Almond-2015 Firmware and Almond Firmware Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. | 7.3 |
| 2015-09-21 | CVE-2015-2914 | Unspecified vulnerability in Securifi Almond-2015 Firmware and Almond Firmware Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. | 5.0 |