Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7296 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 4.3 MEDIUM | N/A |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. | |||||
CVE-2015-2915 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 7.3 HIGH | N/A |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. | |||||
CVE-2015-2916 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-2917 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 4.3 MEDIUM | N/A |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. | |||||
CVE-2015-2914 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2015-09-30 | 5.0 MEDIUM | N/A |
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. |