Vulnerability-Lookup

CVE-2015-2914 (GCVE-0-2015-2914)

Vulnerability from cvelistv5 – Published: 2015-09-21 10:00 – Updated: 2024-08-06 05:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

GHSA-QQ45-89XG-7JPJ

Vulnerability from github – Published: 2022-05-17 04:06 – Updated: 2022-05-17 04:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2914"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-21T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.",
  "id": "GHSA-qq45-89xg-7jpj",
  "modified": "2022-05-17T04:06:28Z",
  "published": "2022-05-17T04:06:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2914"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/906576"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201509-0478

Vulnerability from variot - Updated: 2025-04-13 23:03

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. Insecure Default Password Vulnerability 4. 5. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0478",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "almond-2015",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "securifi",
        "version": "al2-r088"
      },
      {
        "model": "almond",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "securifi",
        "version": "al1-r201exp10-l304-w33"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond",
        "scope": null,
        "trust": 0.8,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond 2015",
        "scope": null,
        "trust": 0.8,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond 2015",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "securifi",
        "version": "al2-r088m"
      },
      {
        "model": "almond",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "securifi",
        "version": "al1-r201exp10-l304-w34"
      },
      {
        "model": "almond \u003cal1-r201exp10-l304-w34",
        "scope": null,
        "trust": 0.6,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond-2015 \u003cal2-r088m",
        "scope": null,
        "trust": 0.6,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "securifi",
        "version": "al1-r201exp10-l304-w33"
      },
      {
        "model": "almond-2015",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "securifi",
        "version": "al2-r088"
      },
      {
        "model": "almond al2-r088",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "securifi",
        "version": "2015"
      },
      {
        "model": "almond al1-r200-l302-w33",
        "scope": null,
        "trust": 0.3,
        "vendor": "securifi",
        "version": null
      },
      {
        "model": "almond al2-r088m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "securifi",
        "version": "2015"
      },
      {
        "model": "almond al1-r201exp10-l304-w",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "securifi",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "BID",
        "id": "76701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:securifi:almond",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:securifi:almond-2015",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:securifi:almond_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joel Land of the CERT/CC",
    "sources": [
      {
        "db": "BID",
        "id": "76701"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2914",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-2914",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-06092",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-80875",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2914",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2914",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-06092",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201509-200",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80875",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296. Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities. This vulnerability CVE-2015-7296 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. http://cwe.mitre.org/data/definitions/330.htmlIf a third party uses a fixed source port number for the destination port, the response may be spoofed. Securifi Almond is a wireless router product from Securifi. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. Insecure Default Password Vulnerability\n4. \n5. \nAn attacker can exploit these issues to  bypass security restrictions  and perform certain unauthorized actions,  brute-force attacks,  bypass-authentication mechanisms, or gain access to  potentially  sensitive information. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      },
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "BID",
        "id": "76701"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#906576",
        "trust": 4.2
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU99004652",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "76701",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "db": "BID",
        "id": "76701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "id": "VAR-201509-0478",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      }
    ],
    "trust": 1.3571700766666668
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:03:49.431000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.securifi.com/almond"
      },
      {
        "title": "Securifi Almond security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/64194"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.kb.cert.org/vuls/id/906576"
      },
      {
        "trust": 1.7,
        "url": "http://www.securifi.com/almond"
      },
      {
        "trust": 1.4,
        "url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
      },
      {
        "trust": 1.4,
        "url": "https://firmware.securifi.com/al2/al2-r088m"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/330.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/319.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/255.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2914"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99004652/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2914"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "db": "BID",
        "id": "76701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "db": "BID",
        "id": "76701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "date": "2015-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "date": "2015-09-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "date": "2015-09-10T00:00:00",
        "db": "BID",
        "id": "76701"
      },
      {
        "date": "2015-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "date": "2015-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "date": "2015-09-21T10:59:01.960000",
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#906576"
      },
      {
        "date": "2015-09-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-06092"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80875"
      },
      {
        "date": "2015-09-10T00:00:00",
        "db": "BID",
        "id": "76701"
      },
      {
        "date": "2015-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004892"
      },
      {
        "date": "2015-09-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-2914"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-200"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Securifi Almond routers contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#906576"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "76701"
      }
    ],
    "trust": 0.3
  }
}

GSD-2015-2914

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2914

Aliases

CVE-2015-2914

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2914",
    "description": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.",
    "id": "GSD-2015-2914"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2914"
      ],
      "details": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.",
      "id": "GSD-2015-2914",
      "modified": "2023-12-13T01:20:01.008009Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-2914",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#906576",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/906576"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "al1-r201exp10-l304-w33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "al2-r088",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-2914"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#906576",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/906576"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-09-30T18:18Z",
      "publishedDate": "2015-09-21T10:59Z"
    }
  }
}

CNVD-2015-06092

Vulnerability from cnvd - Published: 2015-09-22

Title

Securifi Almond安全绕过漏洞

Description

Securifi Almond是Securifi公司的一款无线路由器产品。 Securifi Almond对本地网络中的DNS查询使用静态源端口，允许攻击者可利用漏洞伪造DNS响应，使Almond LAN客户端连接不正确或恶意的主机。

Severity

中

Patch Name

Securifi Almond安全绕过漏洞的补丁

Patch Description

Securifi Almond是Securifi公司的一款无线路由器产品。Securifi Almond对本地网络中的DNS查询使用静态源端口，允许攻击者可利用漏洞伪造DNS响应，使Almond LAN客户端连接不正确或恶意的主机。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.kb.cert.org/vuls/id/906576

Reference

http://www.kb.cert.org/vuls/id/906576

Impacted products

Name
['Securifi Almond <AL1-R201EXP10-L304-W34', 'Securifi Almond-2015 <AL2-R088M']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2914"
    }
  },
  "description": "Securifi Almond\u662fSecurifi\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nSecurifi Almond\u5bf9\u672c\u5730\u7f51\u7edc\u4e2d\u7684DNS\u67e5\u8be2\u4f7f\u7528\u9759\u6001\u6e90\u7aef\u53e3\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f2a\u9020DNS\u54cd\u5e94\uff0c\u4f7fAlmond LAN\u5ba2\u6237\u7aef\u8fde\u63a5\u4e0d\u6b63\u786e\u6216\u6076\u610f\u7684\u4e3b\u673a\u3002",
  "discovererName": "Joel Land of the CERT/CC",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.kb.cert.org/vuls/id/906576",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06092",
  "openTime": "2015-09-22",
  "patchDescription": "Securifi Almond\u662fSecurifi\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002Securifi Almond\u5bf9\u672c\u5730\u7f51\u7edc\u4e2d\u7684DNS\u67e5\u8be2\u4f7f\u7528\u9759\u6001\u6e90\u7aef\u53e3\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f2a\u9020DNS\u54cd\u5e94\uff0c\u4f7fAlmond LAN\u5ba2\u6237\u7aef\u8fde\u63a5\u4e0d\u6b63\u786e\u6216\u6076\u610f\u7684\u4e3b\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Securifi Almond\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Securifi Almond \u003cAL1-R201EXP10-L304-W34",
      "Securifi  Almond-2015 \u003cAL2-R088M"
    ]
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/906576",
  "serverity": "\u4e2d",
  "submitTime": "2015-09-20",
  "title": "Securifi Almond\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2015-2914

Vulnerability from fkie_nvd - Published: 2015-09-21 10:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	cret@cert.org	http://www.kb.cert.org/vuls/id/906576	Patch, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/906576	Patch, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
securifi	almond_firmware	*
securifi	almond	*
securifi	almond-2015_firmware	*
securifi	almond-2015	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F8D06E-B50D-41E8-9B53-DB023EC5DB3A",
              "versionEndIncluding": "al1-r201exp10-l304-w33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:securifi:almond:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E395E7-282D-453B-9263-1147F1C68725",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCC7722A-CB7A-4E3E-9858-5601DB8BCA7C",
              "versionEndIncluding": "al2-r088",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FB54DB-EC2A-43EC-9EE8-C0FAFADBD912",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en dispositivos Securifi Almond con firmware anterior a AL1-R201EXP10-L304-W34 y dispositivos Almond-2015 con firmware anterior a AL2-R088M, usan un n\u00famero de puerto de origen fijo en consultas DNS de salida realizadas en nombre de cualquier dispositivo, lo cual hace m\u00e1s f\u00e1cil para atacantes remotos suplantar respuestas mediante el uso de este n\u00famero para el puerto de destino, una vulnerabilidad diferente a CVE-2015-7296."
    }
  ],
  "evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/330.html\"\u003eCWE-330: Use of Insufficiently Random Values\u003c/a\u003e",
  "id": "CVE-2015-2914",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-21T10:59:01.960",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/906576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/906576"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2914 (GCVE-0-2015-2914)

GHSA-QQ45-89XG-7JPJ

VAR-201509-0478

GSD-2015-2914

CNVD-2015-06092

FKIE_CVE-2015-2914

Tags

Sightings

Nomenclature