39 matches found
EUVD-2017-17291
Malware in sbrugna...
Securifi Almond Server-Side Request Forgery Vulnerability
The Securifi Almond is a wireless router with a touch screen. A server-side request forgery vulnerability exists in the Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096, which can be exploited by a remote attacker to trick a user into changing a user password...
Securifi Almond Cross-Site Scripting Vulnerability
The Securifi Almond is a wireless router with a touch screen. A cross-site scripting vulnerability in the Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096 can be exploited by a remote attacker to take control of the device as the admin user, execute arbitrary code, or chan...
Securifi Almond buffer overflow vulnerability (CNVD-2019-18743)
The Securifi Almond is a wireless router with a touch screen. A buffer overflow vulnerability exists in getCfgToHTML in Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
Securifi Almond Command Injection Vulnerability (CNVD-2019-18745)
The Securifi Almond is a wireless router with a touch screen. A command injection vulnerability exists in the port forwarding feature in Securifi Almond, Almond+, and Almond 2015 using firmware version AL-R096, which can be exploited by an attacker to submit a malicious payload and take control o...
CVE-2017-8334
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...
CVE-2017-8328
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...
CVE-2017-8330
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
CVE-2017-8328
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...
CVE-2017-8337
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an...
CVE-2017-8332
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface...
CVE-2017-8330
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
CVE-2017-8332
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface...
Design/Logic Flaw
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an...
Cross site scripting
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface...
Input validation
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
Cross site scripting
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...
CVE-2017-8330
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...
CVE-2017-8332
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface...
CVE-2017-8334
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...