Vulnerabilities (CVE)

Filtered by vendor Securifi Subscribe
Filtered by product Almond-2015 Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7296 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 4.3 MEDIUM N/A
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914.
CVE-2015-2917 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 4.3 MEDIUM N/A
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.
CVE-2015-2916 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-2915 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 7.3 HIGH N/A
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.
CVE-2015-2914 1 Securifi 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more 2024-11-21 5.0 MEDIUM N/A
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.