Almond Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Securifi (8406dcf7-f09b-5bdf-a717-cf251fbe38c0) |
|---|---|
| Product | Almond Firmware (0cf4da34-9344-59ef-99b0-aea89db64de0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2015-7296 |
vulnerable | 2026-06-08 05:07:00.347828 |
Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T07:43:46.107Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2917 |
vulnerable | 2026-06-08 05:06:36.189004 |
Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.317Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2916 |
vulnerable | 2026-06-08 05:06:36.188685 |
Details available
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.561Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2915 |
vulnerable | 2026-06-08 05:06:36.188273 |
Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.624Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2914 |
vulnerable | 2026-06-08 05:06:36.186047 |
Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.505Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.