Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for almond-2015 by securifi

    VAR-201509-0479

    Vulnerability from variot - Updated: 2025-04-13 23:03

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0479",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond-2015",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2915",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2015-2915",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2015-06093",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-80876",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2915",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2915",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06093",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-201",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80876",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "id": "VAR-201509-0479",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          }
        ],
        "trust": 1.3571700766666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:03:49.472000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Patch of Securifi Almond cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/64195"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2915"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2915"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "date": "2015-09-21T10:59:03.257000",
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06093"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80876"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004893"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2915"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-201"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201509-0478

    Vulnerability from variot - Updated: 2025-04-13 23:03

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. Insecure Default Password Vulnerability 4. 5. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0478",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond-2015",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2914",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-2914",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06092",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-80875",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2914",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2914",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06092",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-200",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80875",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. Insecure Default Password Vulnerability\n4. \n5. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "id": "VAR-201509-0478",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          }
        ],
        "trust": 1.3571700766666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:03:49.431000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Securifi Almond security bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/64194"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2914"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2914"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "date": "2015-09-21T10:59:01.960000",
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06092"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80875"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004892"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2914"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-200"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unknown",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201509-0481

    Vulnerability from variot - Updated: 2025-04-13 23:03

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the program ignoring the X-Frame-Options HTTP header

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0481",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond-2015",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2917",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-2917",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06094",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-80878",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2917",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2917",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06094",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-203",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80878",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks. The vulnerability is caused by the program ignoring the X-Frame-Options HTTP header",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "id": "VAR-201509-0481",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          }
        ],
        "trust": 1.3571700766666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:03:49.392000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Securifi Almond access patch to limit the vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/64196"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2917"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2917"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "date": "2015-09-21T10:59:05.460000",
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06094"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80878"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004895"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2917"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-203"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201509-0242

    Vulnerability from variot - Updated: 2025-04-13 23:03

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-2914 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0242",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond",
            "scope": null,
            "trust": 1.4,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond-2015",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          }
        ]
      },
      "cve": "CVE-2015-7296",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-7296",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06266",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-85257",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7296",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7296",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06266",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-391",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85257",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7296",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-2914 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.0
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296",
            "trust": 3.2
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "id": "VAR-201509-0242",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          }
        ],
        "trust": 1.3571700766666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:03:49.357000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 0.8,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 0.8,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7296"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7296"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "date": "2015-09-21T10:59:09.520000",
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06266"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85257"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7296"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004933"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-7296"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-391"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201509-0480

    Vulnerability from variot - Updated: 2025-04-12 22:59

    Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0480",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "almond-2015",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": null,
            "trust": 0.8,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond 2015",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al2-r088m"
          },
          {
            "model": "almond",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w34"
          },
          {
            "model": "almond \u003cal1-r201exp10-l304-w34",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond-2015 \u003cal2-r088m",
            "scope": null,
            "trust": 0.6,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al1-r201exp10-l304-w33"
          },
          {
            "model": "almond-2015",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "securifi",
            "version": "al2-r088"
          },
          {
            "model": "almond al2-r088",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r200-l302-w33",
            "scope": null,
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          },
          {
            "model": "almond al2-r088m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": "2015"
          },
          {
            "model": "almond al1-r201exp10-l304-w",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "securifi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:securifi:almond-2015",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "76701"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2916",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-2916",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-06095",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-80877",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2916",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2916",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-06095",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201509-202",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-80877",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          },
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU99004652",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76701",
            "trust": 0.3
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "id": "VAR-201509-0480",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          }
        ],
        "trust": 1.3571700766666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          }
        ]
      },
      "last_update_date": "2025-04-12T22:59:00.867000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.securifi.com/almond"
          },
          {
            "title": "Patch for Securifi Almond Cross-Site Request Forgery Vulnerability (CNVD-2015-06095)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/64198"
          },
          {
            "title": "AL1-R201EXP10-L304-W34",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
          },
          {
            "title": "AL2-R088m",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.kb.cert.org/vuls/id/906576"
          },
          {
            "trust": 1.7,
            "url": "http://www.securifi.com/almond"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
          },
          {
            "trust": 1.4,
            "url": "https://firmware.securifi.com/al2/al2-r088m"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/330.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2916"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2916"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "db": "BID",
            "id": "76701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "date": "2015-09-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "date": "2015-09-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "date": "2015-09-21T10:59:04.303000",
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-09-15T00:00:00",
            "db": "CERT/CC",
            "id": "VU#906576"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-06095"
          },
          {
            "date": "2015-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-80877"
          },
          {
            "date": "2015-09-10T00:00:00",
            "db": "BID",
            "id": "76701"
          },
          {
            "date": "2015-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004894"
          },
          {
            "date": "2015-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2916"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Securifi Almond routers contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#906576"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201509-202"
          }
        ],
        "trust": 0.6
      }
    }