Approved changes feed: RSS · Atom

cpe:2.3:h:securifi:almond-2015:*:*:*:*:*:*:*:*

part: h version: * update: *

VendorSecurifi (8406dcf7-f09b-5bdf-a717-cf251fbe38c0)
ProductAlmond 2015 (fcfbbf59-7fed-57a7-942b-0e23c0a73347)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2015-7296 not_vulnerable 2026-06-08 05:07:00.349416 Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T07:43:46.107Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2917 not_vulnerable 2026-06-08 05:06:36.189061 Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.317Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2916 not_vulnerable 2026-06-08 05:06:36.188667 Details available
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.561Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2915 not_vulnerable 2026-06-08 05:06:36.188334 Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.624Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2914 not_vulnerable 2026-06-08 05:06:36.187859 Details available
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.
Published: 2015-09-21T10:00:00.000Z
Updated: 2024-08-06T05:32:20.505Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.