CVE-2017-8331
Description
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "system" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device, including all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA Pro, we will notice that it follows a MIPS little-endian format. The function sub_43C280 in IDA Pro is identified to be receiving the values sent in the POST request, and the value set in POST parameter "ip_address" is extracted at address 0x0043C2F0. The POST parameter "ipaddress" is concatenated at address 0x0043C958 and this is passed to a "system" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in Securifi Almond firmware AL-R096 via ip_address parameter allows remote attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in the Securifi Almond, Almond+, and Almond 2015 devices running firmware AL-R096. The goahead web server processes POST requests to add port forwarding rules. The ip_address parameter is concatenated into a string that is passed to the system() function at address 0x00437284, allowing arbitrary command execution. The affected binary is MIPS little-endian, and the vulnerable code path is in function sub_43C280 [1].
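The concatenation-into-system() pattern described above, shown beside a hardened handling of ip_address, as an added example (not the firmware's or GoAhead's code). The command name set_forward_rule and all function names are hypothetical, and the sample inputs are constructed.

```c
/* Added example; names are hypothetical, not Securifi or GoAhead code. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#define RULE_CMD "set_forward_rule"   /* placeholder command name (assumption) */

/* Unsafe pattern: request text is pasted into a line that a shell will parse. */
int build_cmd_unsafe(char *out, size_t n, const char *ip_address) {
    return snprintf(out, n, RULE_CMD " %s", ip_address);
}

/* Accept only a strict dotted quad, then re-serialize from the parsed binary
 * address so no request bytes are passed on. Returns 0 on success, -1 if rejected. */
int canonical_ipv4(const char *ip_address, char out[INET_ADDRSTRLEN]) {
    struct in_addr addr;
    size_t len = ip_address ? strlen(ip_address) : 0;           /* NULL fails below */
    if (len < 7 || len >= INET_ADDRSTRLEN) return -1;           /* "1.1.1.1" .. 15 chars */
    if (strspn(ip_address, "0123456789.") != len) return -1;    /* digits and dots only */
    if (inet_pton(AF_INET, ip_address, &addr) != 1) return -1;  /* four octets, 0-255 */
    if (inet_ntop(AF_INET, &addr, out, INET_ADDRSTRLEN) == NULL) return -1;
    return 0;
}

/* Build an argv for an execv()-style call: the value is one argument and no
 * shell ever interprets it. ipbuf must outlive argv. */
int build_argv_safe(const char *ip_address, char ipbuf[INET_ADDRSTRLEN],
                    const char *argv[3]) {
    if (canonical_ipv4(ip_address, ipbuf) != 0) return -1;
    argv[0] = RULE_CMD;
    argv[1] = ipbuf;
    argv[2] = NULL;
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "192.168.1.20", "192.168.1.20; echo injected", "300.1.1.1" };
    char ipbuf[INET_ADDRSTRLEN], line[128];
    const char *argv[3];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        build_cmd_unsafe(line, sizeof line, samples[i]);
        printf("unsafe shell line: [%s]\n", line);
        if (build_argv_safe(samples[i], ipbuf, argv) == 0)
            printf("  accepted, argv[1] = [%s]\n", argv[1]);
        else
            printf("  rejected\n");
    }
    return 0;
}
```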
Exploitation
An attacker can send a crafted POST request to the device's web interface, likely without authentication, to set the ip_address parameter to a value containing shell metacharacters. For example, appending a command after a semicolon results in execution of that command on the device. The attacker must have network access to the device's management interface [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with root privileges on the device, leading to full compromise of the device. This can be used to modify configuration, exfiltrate data, or launch further attacks from the compromised device [1].
Mitigation
As of the publication date 2019-06-18, no official patch or firmware update has been released to address this vulnerability. Users should consider replacing affected devices with those that receive security updates or restrict network access to the management interface to trusted hosts only [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Securifi/Almond
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html (mitre, x_refsource_MISC)
- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)