Search criteria
5 vulnerabilities found for almond-2015 by securifi
VAR-201509-0479
Vulnerability from variot - Updated: 2025-04-13 23:03Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0479",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond \u003cal1-r201exp10-l304-w34",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015 \u003cal2-r088m",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond al2-r088",
"scope": "eq",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r200-l302-w33",
"scope": null,
"trust": 0.3,
"vendor": "securifi",
"version": null
},
{
"model": "almond al2-r088m",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r201exp10-l304-w",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2015-2915",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-06093",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-80876",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2915",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2915",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-06093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80876",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2915"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "VULHUB",
"id": "VHN-80876"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2915",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06093",
"trust": 0.6
},
{
"db": "BID",
"id": "76701",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80876",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"id": "VAR-201509-0479",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
}
]
},
"last_update_date": "2025-04-13T23:03:49.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "Patch of Securifi Almond cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64195"
},
{
"title": "AL1-R201EXP10-L304-W34",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
},
{
"title": "AL2-R088m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 1.7,
"url": "http://www.securifi.com/almond"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2915"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2915"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-80876"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"date": "2015-09-21T10:59:03.257000",
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80876"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
],
"trust": 0.6
}
}
VAR-201509-0478
Vulnerability from variot - Updated: 2025-04-13 23:03Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. Insecure Default Password Vulnerability 4. 5. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond \u003cal1-r201exp10-l304-w34",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015 \u003cal2-r088m",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond al2-r088",
"scope": "eq",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r200-l302-w33",
"scope": null,
"trust": 0.3,
"vendor": "securifi",
"version": null
},
{
"model": "almond al2-r088m",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r201exp10-l304-w",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2914",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-2914",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06092",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2914",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2914",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80875",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "VULHUB",
"id": "VHN-80875"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. Insecure Default Password Vulnerability\n4. \n5. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2914"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "VULHUB",
"id": "VHN-80875"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2914",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06092",
"trust": 0.6
},
{
"db": "BID",
"id": "76701",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80875",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "VULHUB",
"id": "VHN-80875"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"id": "VAR-201509-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "VULHUB",
"id": "VHN-80875"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06092"
}
]
},
"last_update_date": "2025-04-13T23:03:49.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "Securifi Almond security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64194"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 1.7,
"url": "http://www.securifi.com/almond"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2914"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2914"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "VULHUB",
"id": "VHN-80875"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"db": "VULHUB",
"id": "VHN-80875"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-80875"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"date": "2015-09-21T10:59:01.960000",
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06092"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80875"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004892"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-200"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2914"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
}
}
VAR-201509-0481
Vulnerability from variot - Updated: 2025-04-13 23:03Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the program ignoring the X-Frame-Options HTTP header
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond \u003cal1-r201exp10-l304-w34",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015 \u003cal2-r088m",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond al2-r088",
"scope": "eq",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r200-l302-w33",
"scope": null,
"trust": 0.3,
"vendor": "securifi",
"version": null
},
{
"model": "almond al2-r088m",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r201exp10-l304-w",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2917",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2917",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06094",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80878",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2917",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2917",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-203",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "VULHUB",
"id": "VHN-80878"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. The vulnerability is caused by the program ignoring the X-Frame-Options HTTP header",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2917"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "VULHUB",
"id": "VHN-80878"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2917",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06094",
"trust": 0.6
},
{
"db": "BID",
"id": "76701",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80878",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "VULHUB",
"id": "VHN-80878"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"id": "VAR-201509-0481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "VULHUB",
"id": "VHN-80878"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06094"
}
]
},
"last_update_date": "2025-04-13T23:03:49.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "Securifi Almond access patch to limit the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64196"
},
{
"title": "AL2-R088m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
},
{
"title": "AL1-R201EXP10-L304-W34",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80878"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 1.7,
"url": "http://www.securifi.com/almond"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2917"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2917"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "VULHUB",
"id": "VHN-80878"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"db": "VULHUB",
"id": "VHN-80878"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-80878"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"date": "2015-09-21T10:59:05.460000",
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06094"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80878"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004895"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-203"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2917"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-203"
}
],
"trust": 0.6
}
}
VAR-201509-0242
Vulnerability from variot - Updated: 2025-04-13 23:03Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-2914 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond",
"scope": null,
"trust": 1.4,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
}
]
},
"cve": "CVE-2015-7296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7296",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06266",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-85257",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7296",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7296",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06266",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85257",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
},
{
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-2914 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. Securifi Almond is a wireless router product from Securifi. Securifi Almond has a man-in-the-middle attack vulnerability. ID value",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7296"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
},
{
"db": "VULMON",
"id": "CVE-2015-7296"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2015-7296",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06266",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85257",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7296",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
},
{
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"id": "VAR-201509-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06266"
}
]
},
"last_update_date": "2025-04-13T23:03:49.357000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "AL2-R088m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
},
{
"title": "AL1-R201EXP10-L304-W34",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"trust": 0.8,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 0.8,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7296"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7296"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
},
{
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"db": "VULHUB",
"id": "VHN-85257"
},
{
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-85257"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"date": "2015-09-21T10:59:09.520000",
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06266"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85257"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7296"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004933"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-391"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
}
}
VAR-201509-0480
Vulnerability from variot - Updated: 2025-04-12 22:59Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond \u003cal1-r201exp10-l304-w34",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015 \u003cal2-r088m",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond al2-r088",
"scope": "eq",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r200-l302-w33",
"scope": null,
"trust": 0.3,
"vendor": "securifi",
"version": null
},
{
"model": "almond al2-r088m",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r201exp10-l304-w",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2916",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06095",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80877",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2916",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2916",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06095",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80877",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "VULHUB",
"id": "VHN-80877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2916"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "VULHUB",
"id": "VHN-80877"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2916",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06095",
"trust": 0.6
},
{
"db": "BID",
"id": "76701",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80877",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "VULHUB",
"id": "VHN-80877"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"id": "VAR-201509-0480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "VULHUB",
"id": "VHN-80877"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06095"
}
]
},
"last_update_date": "2025-04-12T22:59:00.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "Patch for Securifi Almond Cross-Site Request Forgery Vulnerability (CNVD-2015-06095)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64198"
},
{
"title": "AL1-R201EXP10-L304-W34",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
},
{
"title": "AL2-R088m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 1.7,
"url": "http://www.securifi.com/almond"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2916"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2916"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "VULHUB",
"id": "VHN-80877"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"db": "VULHUB",
"id": "VHN-80877"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-80877"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"date": "2015-09-21T10:59:04.303000",
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06095"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80877"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004894"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-202"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2916"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-202"
}
],
"trust": 0.6
}
}