VYPR

Almond Firmware

by Securifi

CVEs (5)

  • CVE-2015-7296Sep 21, 2015
    risk 0.00cvss epss 0.01

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote…

  • CVE-2015-2917Sep 21, 2015
    risk 0.00cvss epss 0.01

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that…

  • CVE-2015-2916Sep 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2015-2915Sep 21, 2015
    risk 0.00cvss epss 0.01

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to…

  • CVE-2015-2914Sep 21, 2015
    risk 0.00cvss epss 0.02

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by…