Securifi Almond+ Firmware vulnerabilities
10 known vulnerabilities affecting securifi/almond_+firmware.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 8, MEDIUM 2
Vulnerabilities
CVE-2017-8333 | P2 | HIGH | CVSS 8.8 | CWE-77 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "popen" API in the
nvd
CVE-2017-8331 | P2 | HIGH | CVSS 8.8 | CWE-77 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "sy
nvd
CVE-2017-8336 | P3 | HIGH | CVSS 8.8 | CWE-119 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in overflowing the stack set up and allow
nvd
CVE-2017-8332 | P3 | HIGH | CVSS 8.8 | CWE-79 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site
nvd
CVE-2017-8337 | P3 | HIGH | CVSS 8.8 | CWE-200 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webp
nvd
CVE-2017-8335 | P3 | HIGH | CVSS 8.0 | CWE-119 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a str
nvd
CVE-2017-8328 | P3 | HIGH | CVSS 8.8 | CWE-352 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a use
nvd
CVE-2017-8334 | P3 | HIGH | CVSS 8.0 | CWE-352 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is lo
nvd
CVE-2017-8329 | P3 | MEDIUM | CVSS 6.4 | CWE-119 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not ha
nvd
CVE-2017-8330 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | v al-r096 | 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is
nvd