8 matches found
Securifi Almond Buffer Overflow Vulnerability
The Securifi Almond is a wireless router with a touch screen. A buffer overflow vulnerability exists in routerSummary in Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
Securifi Almond Command Injection Vulnerability (CNVD-2019-18745)
The Securifi Almond is a wireless router with a touch screen. A command injection vulnerability exists in the port forwarding feature in Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096, which can be exploited by an attacker to submit a malicious payload and take control o...
CVE-2017-8334
CVE-2017-8334 affects Securifi Almond, Almond+, and Almond 2015 devices running firmware AL-R096. The vulnerability stems from failing to implement protection against cross-site scripting forgery in the web management interface, enabling an attacker to lure a logged-in admin/user into executing a...
CVE-2017-8331
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set ...
CVE-2017-8329
Securifi Almond/Almond+ (2015) devices with firmware AL-R096 are affected. A POST parameter mssid_1 in the webServer’s routerSummary flow lacks string length checks, allowing an attacker to send a large payload that overflows a stack/buffer (via the goahead binary on MIPS Little Endian), potentia...
Design/Logic Flaw
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way...
CVE-2017-8335
The CVE-2017-8335 issue affects Securifi Almond, Almond+, and Almond 2015 devices running firmware AL-R096. A stack/return-address overflow arises in the handling of the mssid_1 POST parameter when setting the wireless network name, via the getCfgToHTML path in the vulnerable goahead binary (MIPS...
CVE-2017-8336
The CVE-2017-8336 issue affects Securifi Almond, Almond+, and Almond 2015 devices running AL-R096. A vulnerable function in the goahead binary (MIPS little endian) processes POST parameters for creating routes; specifically, the POST parameter “gateway” can overflow the stack and allow an attacke...