Almond

CVEs (15)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2017-8331	Securifi Almond	0.01	—	0.13	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the…
CVE-2017-8333	Securifi Almond	0.01	—	0.15	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be…
CVE-2017-8337	Securifi Almond	0.00	—	0.02	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check…
CVE-2017-8330	Securifi Almond	0.00	—	0.01	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge…
CVE-2017-8332	Securifi Almond	0.00	—	0.03	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web…
CVE-2017-8334	Securifi Almond	0.00	—	0.00	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting…
CVE-2017-8328	Securifi Almond	0.00	—	0.01	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site…
CVE-2017-8329	Securifi Almond	0.00	—	0.02	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the…
CVE-2017-8335	Securifi Almond	0.00	—	0.01	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST…
CVE-2017-8336	Securifi Almond	0.00	—	0.02	Jun 18, 2019	An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be…
CVE-2015-7296	Securifi Almond Firmware	0.00	—	0.01	Sep 21, 2015	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote…
CVE-2015-2917	Securifi Almond Firmware	0.00	—	0.01	Sep 21, 2015	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that…
CVE-2015-2916	Securifi Almond Firmware	0.00	—	0.00	Sep 21, 2015	Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2915	Securifi Almond Firmware	0.00	—	0.00	Sep 21, 2015	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to…
CVE-2015-2914	Securifi Almond Firmware	0.00	—	0.01	Sep 21, 2015	Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by…

CVE-2017-8331Jun 18, 2019
Securifi
Almond
risk 0.01cvss —epss 0.13
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the…
CVE-2017-8333Jun 18, 2019
Securifi
Almond
risk 0.01cvss —epss 0.15
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be…
CVE-2017-8337Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.02
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check…
CVE-2017-8330Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.01
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge…
CVE-2017-8332Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.03
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web…
CVE-2017-8334Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.00
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting…
CVE-2017-8328Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.01
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site…
CVE-2017-8329Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.02
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the…
CVE-2017-8335Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.01
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST…
CVE-2017-8336Jun 18, 2019
Securifi
Almond
risk 0.00cvss —epss 0.02
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be…
CVE-2015-7296Sep 21, 2015
Securifi
Almond Firmware
risk 0.00cvss —epss 0.01
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote…
CVE-2015-2917Sep 21, 2015
Securifi
Almond Firmware
risk 0.00cvss —epss 0.01
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that…
CVE-2015-2916Sep 21, 2015
Securifi
Almond Firmware
risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2915Sep 21, 2015
Securifi
Almond Firmware
risk 0.00cvss —epss 0.00
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to…
CVE-2015-2914Sep 21, 2015
Securifi
Almond Firmware
risk 0.00cvss —epss 0.01
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by…