CVE-2017-8334

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...

CVE-2017-8334

CVE-2017-8334 affects Securifi Almond, Almond+, and Almond 2015 devices running firmware AL-R096. The vulnerability stems from failing to implement protection against cross-site scripting forgery in the web management interface, enabling an attacker to lure a logged-in admin/user into executing a...

CVE-2017-8328

The CVE-2017-8328 entry describes a CSRF flaw in Securifi Almond/Almond+ (2015) firmware AL-R096 where an attacker can coerce a logged-in user to change a password via the web management interface due to the absence of CSRF protection. Connected sources (NVD/CNVD/CVE records) confirm that the vul...

CVE-2017-8328

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...

CVE-2017-8333

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

CVE-2017-8331

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set ...

CVE-2017-8331

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set ...

CVE-2017-8333

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

CVE-2017-8329

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM Non-volatile RAM. It seems that the POST parameters passed ...

Design/Logic Flaw

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM Non-volatile RAM. It seems that the POST parameters passed ...

Command injection

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set ...

Command injection

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

CVE-2017-8331

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set ...

CVE-2017-8331

CVE-2017-8331 affects Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The flaw in the port-forwarding feature allows crafted POST input to reach a system() call via the goahead binary (MIPS little-endian), where the POST parameter ip_address/ipaddress is extracted and con...

CVE-2017-8333

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

CVE-2017-8333

CVE-2017-8333 affects Securifi Almond/Almond+ (2015) devices running firmware AL-R096. The flaw resides in the route-adding feature: user-supplied POST parameters intended to configure routes can be fed into a vulnerable function in the goahead binary (MIPS little‑endian) and passed to popen, ena...

CVE-2017-8329

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM Non-volatile RAM. It seems that the POST parameters passed ...

CVE-2017-8336

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...

CVE-2017-8335

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM Non-volatile RAM. It seems that the POST parameters passed in thi...

Design/Logic Flaw

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...