
    15 vulnerabilities by securifi

    VAR-201509-0479

    Vulnerability from variot - Updated: 2023-12-18 12:57

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. Because the admin account uses the password admin, web-management (administrative) access can be obtained: a third party who is able to authenticate from the intranet may gain administrative access to the web interface. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password and has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to open them, and perform malicious actions in the target user's context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A predictable random number generator weakness. 2. An information-disclosure vulnerability. 3. An insecure default password vulnerability. 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions, perform certain unauthorized actions, carry out brute-force attacks, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management. Note that this summary concatenates text from several source databases: the numbered list appears to describe the advisory as a whole, whereas this entry (CVE-2015-2915, classified CWE-255) concerns the default admin password, and firmware AL1-R201EXP10-L304-W34 and AL2-R088M are the first releases outside the affected range.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0479",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al1-r201exp10-l304-w33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al2-r088",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2915",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-2915",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2015-06093",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-80876",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-2915",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06093",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-201",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80876",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "id": "VAR-201509-0479",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          }
        ],
        "trust": 1.409893045
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:42.557000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Patch of Securifi Almond cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/64195"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57700"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57701"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2915"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2915"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "date": "2015-09-21T10:59:03.257000",
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "date": "2015-09-30T18:19:01.710000",
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201509-0478

    Vulnerability from variot - Updated: 2023-12-18 12:57

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability is different from CVE-2015-7296. Supplementary information: the CWE vulnerability type has been identified as CWE-330: Use of Insufficiently Random Values (http://cwe.mitre.org/data/definitions/330.html). If a third party uses the fixed source-port number as the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. Insecure Default Password Vulnerability 4. 5. An attacker can exploit these issues to bypass security restrictions, perform certain unauthorized actions, carry out brute-force attacks, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0478",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al1-r201exp10-l304-w33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al2-r088",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2914",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-2914",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06092",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-80875",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-2914",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06092",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-200",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80875",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. Insecure Default Password Vulnerability\n4. \n5. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "id": "VAR-201509-0478",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          }
        ],
        "trust": 1.409893045
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:42.513000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Securifi Almond security bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/64194"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2914"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2914"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "date": "2015-09-21T10:59:01.960000",
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "date": "2015-09-30T18:18:32.037000",
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201509-0481

    Vulnerability from variot - Updated: 2023-12-18 12:57

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability. 3. Insecure Default Password Vulnerability. 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the web-management interface not sending the X-Frame-Options HTTP header, so a browser receives no instruction against rendering the management pages inside a frame on another site.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0481",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al1-r201exp10-l304-w33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al2-r088",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2917",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-2917",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06094",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-80878",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-2917",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06094",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-203",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80878",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the firmware omitting the X-Frame-Options HTTP header",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "id": "VAR-201509-0481",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          }
        ],
        "trust": 1.409893045
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:42.474000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Securifi Almond access patch to limit the vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/64196"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57701"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57700"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2917"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2917"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "date": "2015-09-21T10:59:05.460000",
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "date": "2015-09-30T18:19:31.053000",
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201509-0242

    Vulnerability from variot - Updated: 2023-12-18 12:57

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability is different from CVE-2015-2914. Supplementary information: the CWE vulnerability type has been identified as CWE-330: Use of Insufficiently Random Values. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0242",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond",
            "scope": null,
            "trust": 1.4,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al1-r201exp10-l304-w33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al2-r088",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "cve": "CVE-2015-7296",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-7296",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06266",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-85257",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-7296",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06266",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-391",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85257",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7296",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This is a different vulnerability from CVE-2015-2914. Supplementary information: the vulnerability type has been identified as CWE-330: Use of Insufficiently Random Values. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.0
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296",
            "trust": 3.2
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "id": "VAR-201509-0242",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          }
        ],
        "trust": 1.409893045
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:42.435000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57701"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57700"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 0.8,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 0.8,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7296"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7296"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "date": "2015-09-21T10:59:09.520000",
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "date": "2015-09-30T18:24:51.120000",
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201509-0480

    Vulnerability from variot - Updated: 2023-12-18 12:57

    Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A predictable random number generator weakness. 2. An information-disclosure vulnerability. 3. An insecure default password vulnerability. 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions, perform certain unauthorized actions, conduct brute-force attacks, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0480",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al2-r088",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "al1-r201exp10-l304-w33",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2916",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-2916",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06095",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-80877",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-2916",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06095",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-202",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80877",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A predictable random number generator weakness.\n2. An information-disclosure vulnerability.\n3. An insecure default password vulnerability.\n4. A cross-site request-forgery vulnerability.\n5. A security-bypass vulnerability.\nAn attacker can exploit these issues to bypass security restrictions, perform certain unauthorized actions, carry out brute-force attacks, bypass authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "id": "VAR-201509-0480",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          }
        ],
        "trust": 1.409893045
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:41.948000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Patch for Securifi Almond Cross-Site Request Forgery Vulnerability (CNVD-2015-06095)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/64198"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57700"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57701"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2916"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2916"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "date": "2015-09-21T10:59:04.303000",
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "date": "2015-09-30T18:19:18.363000",
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0778

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device lets a user execute various actions through the web management interface. It seems that the device does not implement any Origin header check, so a page served from another origin can drive requests to the interface from the victim's browser. An attacker who can trick a user into navigating to the attacker's webpage can exploit this issue to brute-force the password for the web management interface. The attacker can then execute any other actions, including management of rules and of sensors attached to the device, using the websocket requests. The Securifi Almond, Almond+, and Almond 2015 device firmware contains an information disclosure vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Securifi Almond is a wireless router with a touch screen. The vulnerability stems from the fact that the program does not check the Origin field in the request header. An attacker could exploit this vulnerability to brute-force passwords and perform arbitrary operations.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0778",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8337",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8337",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-116540",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8337",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8337",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-019",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116540",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8337",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker\u0027s webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests. Securifi Almond , Almond+ , Almond 2015 An information disclosure vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Securifi Almond is a wireless router with a touch screen. The vulnerability stems from the fact that the program does not check the Origin field in the request header. An attacker could exploit this vulnerability to brute force passwords and perform arbitrary operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8337",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-116540",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "id": "VAR-201906-0778",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          }
        ],
        "trust": 0.7204481933333333
      },
      "last_update_date": "2023-12-18T12:00:04.378000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "Securifi Almond Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93909"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T21:15:09.963000",
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "date": "2017-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116540"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8337"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          },
          {
            "date": "2019-06-21T15:17:57.257000",
            "db": "NVD",
            "id": "CVE-2017-8337"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Securifi Almond Information Disclosure Vulnerability in Device Firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014541"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-019"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0769

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into changing a user's password. Also, this is a systemic issue. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. A cross-site request forgery vulnerability exists in Securifi Almond, Almond+, and Almond 2015 using AL-R096 firmware, which can be exploited by remote attackers to trick users into modifying user passwords


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0769",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8328",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-8328",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-18747",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-116531",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8328",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8328",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18747",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-713",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116531",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8328",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user\u0027s password. Also this is a systemic issue. Securifi Almond , Almond+ , Almond 2015 The device firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SecurifiAlmond is a wireless router with a touch screen. A server-side request forgery vulnerability exists in SecurifiAlmond, Almond+, and Almond2015 using AL-R096 firmware, which can be exploited by remote attackers to trick users into modifying user passwords",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8328",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "id": "VAR-201906-0769",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.343000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "SecurifiAlmond server side request forgery vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164219"
          },
          {
            "title": "Securifi Almond Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93898"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T21:15:09.713000",
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18747"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116531"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8328"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          },
          {
            "date": "2019-06-21T13:37:13.800000",
            "db": "NVD",
            "id": "CVE-2017-8328"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery vulnerability in multiple Securifi Almond device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014542"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-713"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0771

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "miniupnpd" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA Pro we will notice that it follows a MIPS little-endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA Pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter "NewInMessage" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains an input validation vulnerability. Service operation may be interrupted (DoS). Securifi Almond is a wireless router with a touch screen. An attacker can exploit this vulnerability to crash the miniupnpd process.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0771",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8330",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8330",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 3.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "id": "VHN-116533",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-8330",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8330",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-714",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116533",
                "trust": 0.1,
                "value": "LOW"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8330",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides UPnP functionality for devices to interface with the router and interact with the device. It seems that the \"NewInMessage\" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"miniupnpd\" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA Pro we will notice that it follows a MIPS little-endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA Pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter \"NewInMessage\" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains an input validation vulnerability. Service operation may be interrupted (DoS). Securifi Almond is a wireless router with a touch screen. An attacker can exploit this vulnerability to crash the miniupnpd process.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8330",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-116533",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "id": "VAR-201906-0771",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          }
        ],
        "trust": 0.7204481933333333
      },
      "last_update_date": "2023-12-18T12:00:04.311000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "Securifi Almond Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93899"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T21:15:09.777000",
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116533"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8330"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          },
          {
            "date": "2019-06-21T15:07:43.997000",
            "db": "NVD",
            "id": "CVE-2017-8330"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation vulnerability in the firmware of multiple Securifi Almond devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014538"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-714"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0770

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the "mssid_1" POST parameter. The device also allows a user to view the name of the Wi-Fi network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary "webServer" located in the Almond folder, which retrieves the value set earlier by the "mssid_1" parameter as SSID2. This value then overflows the stack set up for this function and allows an attacker to control the $ra register value on the stack, which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter "mssid_1" at address 0x0042BA00 and then sets them in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer as the function copies the value directly on the stack. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0770",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8329",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8329",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2019-18744",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-116532",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8329",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8329",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18744",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-709",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116532",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8329",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the \"mssid_1\" POST parameter. The device also allows a user to view the name of the Wi-Fi network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary \"webServer\" located in the Almond folder, which retrieves the value set earlier by the \"mssid_1\" parameter as SSID2. This value then overflows the stack set up for this function and allows an attacker to control the $ra register value on the stack, which allows an attacker to control the device by executing a payload of an attacker\u0027s choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter \"mssid_1\" at address 0x0042BA00 and then sets them in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer as the function copies the value directly on the stack. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8329",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "id": "VAR-201906-0770",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.276000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "SecurifiAlmond Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164225"
          },
          {
            "title": "Securifi Almond Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93894"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T20:15:11.750000",
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18744"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116532"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8329"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          },
          {
            "date": "2019-06-20T20:43:48.137000",
            "db": "NVD",
            "id": "CVE-2017-8329"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Securifi Device firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014513"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-709"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0772

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device lets a user add new port forwarding rules. It seems that the POST parameters passed in the request that sets up these routes can be set in such a way that commands are passed to a "system" API call in the handling function, resulting in command injection on the device. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device, including all the binaries. The binary "goahead" is the one that contains the vulnerable function that receives the values sent by the POST request. Opening this binary in IDA Pro shows that it is in MIPS little-endian format. The function sub_43C280 in IDA Pro is identified as receiving the values sent in the POST request, and the value set in POST parameter "ip_address" is extracted at address 0x0043C2F0. The POST parameter "ipaddress" is concatenated at address 0x0043C958 and the result is passed to a "system" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0772",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8331",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8331",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2019-18745",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-116534",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8331",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8331",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18745",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-711",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116534",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8331",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a \"system\" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_43C280in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter \"ip_address\" is extracted at address 0x0043C2F0. The POST parameter \"ipaddress\" is concatenated at address 0x0043C958 and this is passed to a \"system\" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device. Securifi Almond , Almond+ , Almond 2015 The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SecurifiAlmond is a wireless router with a touch screen",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8331",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "id": "VAR-201906-0772",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.237000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "Patch for SecurifiAlmond Command Injection Vulnerability (CNVD-2019-18745)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164223"
          },
          {
            "title": "Securifi Almond Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93896"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T20:15:11.813000",
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18745"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116534"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8331"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          },
          {
            "date": "2019-06-21T14:50:49.677000",
            "db": "NVD",
            "id": "CVE-2017-8331"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in the firmware of multiple Securifi Almond devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014536"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-711"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0776

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting the name of a wireless network. These values are stored by the device in NVRAM (non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the "mssid_1" POST parameter. The device also allows a user to view the name of the Wi-Fi network set by the user. While processing this request, the device calls a function named "getCfgToHTML" at address 0x004268A8, which retrieves the value set earlier by the "mssid_1" parameter as SSID2. This value overflows the stack frame set up for the function and lets an attacker control the $ra register value on the stack, and thereby control the device by executing a payload of the attacker's choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device, including all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that it follows a MIPS little-endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter "mssid_1" at address 0x0042BA00 and then setting them in NVRAM at address 0x0042C314. The value is later retrieved in the function "getCfgToHTML" at address 0x00426924, and this results in overflowing the buffer due to the "strcat" function that is utilized by this function. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
Securifi Almond is a wireless router with a touch screen. A buffer overflow vulnerability exists in getCfgToHTML in Securifi Almond, Almond+, and Almond 2015 using AL-R096 firmware, which can be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0776",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8335",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2019-18743",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-116538",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8335",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8335",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18743",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-707",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116538",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8335",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting the name of a wireless network. These values are stored by the device in NVRAM (non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the \"mssid_1\" POST parameter. The device also allows a user to view the name of the Wi-Fi network set by the user. While processing this request, the device calls a function named \"getCfgToHTML\" at address 0x004268A8, which retrieves the value set earlier by the \"mssid_1\" parameter as SSID2. This value overflows the stack frame set up for the function and lets an attacker control the $ra register value on the stack, and thereby control the device by executing a payload of the attacker\u0027s choice. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device, including all the binaries. The binary \"goahead\" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that it follows a MIPS little-endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST parameter \"mssid_1\" at address 0x0042BA00 and then setting them in NVRAM at address 0x0042C314. The value is later retrieved in the function \"getCfgToHTML\" at address 0x00426924, and this results in overflowing the buffer due to the \"strcat\" function that is utilized by this function. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).\nSecurifi Almond is a wireless router with a touch screen. A buffer overflow vulnerability exists in getCfgToHTML in Securifi Almond, Almond+, and Almond 2015 using AL-R096 firmware, which can be exploited by an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8335",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "id": "VAR-201906-0776",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.197000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "Patch for SecurifiAlmond Buffer Overflow Vulnerability (CNVD-2019-18743)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164227"
          },
          {
            "title": "Securifi Almond Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93892"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T19:15:10.763000",
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18743"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116538"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8335"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          },
          {
            "date": "2019-06-20T20:55:22.747000",
            "db": "NVD",
            "id": "CVE-2017-8335"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error vulnerability in firmware of multiple Securifi devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014512"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-707"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0775

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload in the user's browser and to execute any action on the device provided by the web management interface. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. A cross-site scripting vulnerability exists in Securifi Almond, Almond+, and Almond 2015 with AL-R096 firmware that can be exploited by remote attackers to control devices as an admin user, execute arbitrary code, or change user passwords. (Note that the aggregated source descriptions label this issue inconsistently: one calls it cross-site request forgery, the others cross-site scripting.)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0775",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8334",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2019-18749",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "VHN-116537",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8334",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8334",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18749",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-716",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116537",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8334",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload in the user\u0027s browser and to execute any action on the device provided by the web management interface. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. A cross-site scripting vulnerability exists in Securifi Almond, Almond+, and Almond 2015 with AL-R096 firmware that can be exploited by remote attackers to control devices as an admin user, execute arbitrary code, or change user passwords",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8334",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "id": "VAR-201906-0775",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "Patch for SecurifiAlmond Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164213"
          },
          {
            "title": "Securifi Almond Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93901"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T21:15:09.903000",
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18749"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116537"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8334"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          },
          {
            "date": "2019-06-21T01:46:19.490000",
            "db": "NVD",
            "id": "CVE-2017-8334"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Securifi Almond Device firmware cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014540"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-716"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0777

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in overflowing the stack set up and allow an attacker to control the $ra register stored on the stack. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA Pro is identified to be receiving the values sent in the POST request. The POST parameter "gateway" allows overflowing the stack and controlling the $ra register after 1546 characters. The value from this POST parameter is then copied on the stack at address 0x00421348 (the original advisory illustrates this step; the illustration is not reproduced here). This allows an attacker to provide the payload of his/her choice and finally take control of the device. The Securifi Almond, Almond+, and Almond 2015 device firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. The CVSS vectors in this record (AV:N, PR:L) rate the issue as reachable over the network by a user with low privileges.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0777",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8336",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8336",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-116539",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8336",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8336",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-020",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116539",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8336",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in overflowing the stack set up and allow an attacker to control the $ra register stored on the stack. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request. The POST parameter \"gateway\" allows to overflow the stack and control the $ra register after 1546 characters. The value from this post parameter is then copied on the stack at address 0x00421348 as shown below. This allows an attacker to provide the payload of his/her choice and finally take control of the device. Securifi Almond , Almond+ , Almond 2015 The device firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Securifi Almond is a wireless router with a touch screen",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8336",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-116539",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "id": "VAR-201906-0777",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          }
        ],
        "trust": 0.7204481933333333
      },
      "last_update_date": "2023-12-18T12:00:04.128000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "Securifi Almond Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93910"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T19:15:10.827000",
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "date": "2017-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116539"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8336"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          },
          {
            "date": "2019-06-21T13:16:55.130000",
            "db": "NVD",
            "id": "CVE-2017-8336"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error vulnerability in the firmware of multiple Securifi Almond devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014535"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-020"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0774

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "popen" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "dest" is extracted at address 0x00420FC4. The POST parameter "dest" is concatenated in a route add command and this is passed to a "popen" function at address 0x00421220. This allows an attacker to provide the payload of his/her choice and finally take control of the device. Securifi Almond, Almond+, and Almond 2015 device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0774",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8333",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-8333",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2019-18746",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-116536",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8333",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8333",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18746",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-712",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116536",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8333",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a \"popen\" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter \"dest\" is extracted at address 0x00420FC4. The POST parameter \"dest\" is concatenated in a route add command and this is passed to a \"popen\" function at address 0x00421220. This allows an attacker to provide the payload of his/her choice and finally take control of the device. Securifi Almond, Almond+, and Almond 2015 device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8333",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "id": "VAR-201906-0774",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.093000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "SecurifiAlmond command to inject vulnerability patches",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164221"
          },
          {
            "title": "Securifi Almond Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93897"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T20:15:11.860000",
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116536"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8333"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014537"
          },
          {
            "date": "2019-06-21T14:46:05.347000",
            "db": "NVD",
            "id": "CVE-2017-8333"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-712"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0773

    Vulnerability from variot - Updated: 2023-12-18 12:00

    An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. Through the web management interface, the device lets a user block keywords passing in web traffic, to prevent kids from watching content that might be deemed unsafe. It seems that the device does not implement any cross-site scripting protection mechanism, which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload in the user's browser and to execute any action on the device provided by the web management interface. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a cross-site scripting vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen. [source text truncated] … any code or change the user password


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0773",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond 2015",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond\\+",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al-r096"
          },
          {
            "model": "almond+ al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al-r096",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mandar Satam",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "153227"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-8332",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-8332",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2019-18748",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-116535",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-8332",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-8332",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18748",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-715",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116535",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8332",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload on the user\u0027s browser and execute any action on the device provided by the web management interface. Securifi Almond , Almond+ , Almond 2015 The device firmware contains a cross-site scripting vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SecurifiAlmond is a wireless router with a touch screen. Any code or change the user password",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8332",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "153227",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "id": "VAR-201906-0773",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          }
        ],
        "trust": 1.426814366
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:00:04.057000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "almond",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond"
          },
          {
            "title": "almondplus",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almondplus"
          },
          {
            "title": "almond-2015",
            "trust": 0.8,
            "url": "https://www.securifi.com/ja/almond-2015"
          },
          {
            "title": "Patch for Securifi Almond Cross-Site Scripting Vulnerability (CNVD-2019-18748)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/164215"
          },
          {
            "title": "Securifi Almond Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93900"
          },
          {
            "title": "IoT_vulnerabilities",
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf"
          },
          {
            "trust": 2.4,
            "url": "https://seclists.org/bugtraq/2019/jun/8"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8332"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8332"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/ethanhunnt/iot_vulnerabilities"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8333"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8335"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8328"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8334"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "date": "2019-06-07T15:06:02",
            "db": "PACKETSTORM",
            "id": "153227"
          },
          {
            "date": "2019-06-18T21:15:09.840000",
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18748"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116535"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8332"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          },
          {
            "date": "2019-06-21T14:55:40.503000",
            "db": "NVD",
            "id": "CVE-2017-8332"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in firmware of multiple Securifi Almond devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014539"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-715"
          }
        ],
        "trust": 0.6
      }
    }