VAR-201509-0479
Vulnerability from variot - Updated: 2025-04-13 23:03Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0479",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "almond-2015",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond",
"scope": "lte",
"trust": 1.0,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": null,
"trust": 0.8,
"vendor": "securifi",
"version": null
},
{
"model": "almond 2015",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al2-r088m"
},
{
"model": "almond",
"scope": "lt",
"trust": 0.8,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w34"
},
{
"model": "almond \u003cal1-r201exp10-l304-w34",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond-2015 \u003cal2-r088m",
"scope": null,
"trust": 0.6,
"vendor": "securifi",
"version": null
},
{
"model": "almond",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al1-r201exp10-l304-w33"
},
{
"model": "almond-2015",
"scope": "eq",
"trust": 0.6,
"vendor": "securifi",
"version": "al2-r088"
},
{
"model": "almond al2-r088",
"scope": "eq",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r200-l302-w33",
"scope": null,
"trust": 0.3,
"vendor": "securifi",
"version": null
},
{
"model": "almond al2-r088m",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": "2015"
},
{
"model": "almond al1-r201exp10-l304-w",
"scope": "ne",
"trust": 0.3,
"vendor": "securifi",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:securifi:almond",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:securifi:almond-2015",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond-2015_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:securifi:almond_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "76701"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2015-2915",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-06093",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-80876",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2915",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-2915",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-06093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80876",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness. \n2. An information-disclosure vulnerability\n3. Insecure Default Password Vulnerability\n4. A cross-site request-forgery vulnerability. \n5. A security-bypass vulnerability. \nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2915"
},
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "VULHUB",
"id": "VHN-80876"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2915",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU99004652",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06093",
"trust": 0.6
},
{
"db": "BID",
"id": "76701",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-80876",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"id": "VAR-201509-0479",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
}
],
"trust": 1.3571700766666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
}
]
},
"last_update_date": "2025-04-13T23:03:49.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.securifi.com/almond"
},
{
"title": "Patch of Securifi Almond cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64195"
},
{
"title": "AL1-R201EXP10-L304-W34",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700"
},
{
"title": "AL2-R088m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/906576"
},
{
"trust": 1.7,
"url": "http://www.securifi.com/almond"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al1/al1-r201exp10-l304-w34"
},
{
"trust": 1.4,
"url": "https://firmware.securifi.com/al2/al2-r088m"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2915"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99004652/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2915"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#906576"
},
{
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"db": "VULHUB",
"id": "VHN-80876"
},
{
"db": "BID",
"id": "76701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-10T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"date": "2015-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-80876"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"date": "2015-09-21T10:59:03.257000",
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#906576"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06093"
},
{
"date": "2015-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-80876"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76701"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004893"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-201"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2915"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securifi Almond routers contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#906576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-201"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…