Sign-up

ID

VAR-201509-0479


CVE

CVE-2015-2915


TITLE

Securifi Almond routers contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#906576

DESCRIPTION

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. admin To use a password, Web There is a vulnerability that gains administrative access.By using an authentication function from an intranet by a third party, Web You may get administrative access. Securifi Almond is a wireless router product from Securifi. Securifi Almond uses a default password, which has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Securifi Almond and Almond 2015 are prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness. 2. An information-disclosure vulnerability 3. Insecure Default Password Vulnerability 4. A cross-site request-forgery vulnerability. 5. A security-bypass vulnerability. An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker authenticated on the intranet can exploit this vulnerability to gain access to web-management

Trust: 3.24

sources: NVD: CVE-2015-2915 // CERT/CC: VU#906576 // JVNDB: JVNDB-2015-004893 // CNVD: CNVD-2015-06093 // BID: 76701 // VULHUB: VHN-80876

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06093

AFFECTED PRODUCTS

vendor:securifimodel:almond-2015scope:lteversion:al2-r088

Trust: 1.0

vendor:securifimodel:almondscope:lteversion:al1-r201exp10-l304-w33

Trust: 1.0

vendor:securifimodel: - scope: - version: -

Trust: 0.8

vendor:securifimodel:almondscope: - version: -

Trust: 0.8

vendor:securifimodel:almond 2015scope: - version: -

Trust: 0.8

vendor:securifimodel:almond 2015scope:ltversion:al2-r088m

Trust: 0.8

vendor:securifimodel:almondscope:ltversion:al1-r201exp10-l304-w34

Trust: 0.8

vendor:securifimodel:almond <al1-r201exp10-l304-w34scope: - version: -

Trust: 0.6

vendor:securifimodel:almond-2015 <al2-r088mscope: - version: -

Trust: 0.6

vendor:securifimodel:almondscope:eqversion:al1-r201exp10-l304-w33

Trust: 0.6

vendor:securifimodel:almond-2015scope:eqversion:al2-r088

Trust: 0.6

vendor:securifimodel:almond al2-r088scope:eqversion:2015

Trust: 0.3

vendor:securifimodel:almond al1-r200-l302-w33scope: - version: -

Trust: 0.3

vendor:securifimodel:almond al2-r088mscope:neversion:2015

Trust: 0.3

vendor:securifimodel:almond al1-r201exp10-l304-wscope:neversion: -

Trust: 0.3

sources: CERT/CC: VU#906576 // CNVD: CNVD-2015-06093 // BID: 76701 // JVNDB: JVNDB-2015-004893 // CNNVD: CNNVD-201509-201 // NVD: CVE-2015-2915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2915
value: HIGH

Trust: 1.0

NVD: CVE-2015-2915
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06093
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-201
value: HIGH

Trust: 0.6

VULHUB: VHN-80876
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2915
severity: HIGH
baseScore: 7.3
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06093
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80876
severity: HIGH
baseScore: 7.3
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06093 // VULHUB: VHN-80876 // JVNDB: JVNDB-2015-004893 // CNNVD: CNNVD-201509-201 // NVD: CVE-2015-2915

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-80876 // JVNDB: JVNDB-2015-004893 // NVD: CVE-2015-2915

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201509-201

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201509-201

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004893

PATCH
title:Top Pageurl:http://www.securifi.com/almond
Trust: 0.8
title:Patch of Securifi Almond cross-site request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/64195
Trust: 0.6
title:AL1-R201EXP10-L304-W34url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57700
Trust: 0.6
title:AL2-R088murl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57701
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-06093 // 
            
            
            
            JVNDB: JVNDB-2015-004893 // 
            
            
            
            CNNVD: CNNVD-201509-201

EXTERNAL IDS
db:CERT/CCid:VU#906576
Trust: 4.2
db:NVDid:CVE-2015-2915
Trust: 3.4
db:JVNid:JVNVU99004652
Trust: 0.8
db:JVNDBid:JVNDB-2015-004893
Trust: 0.8
db:CNNVDid:CNNVD-201509-201
Trust: 0.7
db:CNVDid:CNVD-2015-06093
Trust: 0.6
db:BIDid:76701
Trust: 0.3
db:VULHUBid:VHN-80876
Trust: 0.1
sources:
            
            
            CERT/CC: VU#906576 // 
            
            
            
            CNVD: CNVD-2015-06093 // 
            
            
            
            VULHUB: VHN-80876 // 
            
            
            
            BID: 76701 // 
            
            
            
            JVNDB: JVNDB-2015-004893 // 
            
            
            
            CNNVD: CNNVD-201509-201 // 
            
            
            
            NVD: CVE-2015-2915

REFERENCES
url:http://www.kb.cert.org/vuls/id/906576
Trust: 3.4
url:http://www.securifi.com/almond
Trust: 1.7
url:https://firmware.securifi.com/al1/al1-r201exp10-l304-w34
Trust: 1.4
url:https://firmware.securifi.com/al2/al2-r088m
Trust: 1.4
url:https://cwe.mitre.org/data/definitions/330.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/319.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2915
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99004652/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2915
Trust: 0.8
sources:
            
            
            CERT/CC: VU#906576 // 
            
            
            
            CNVD: CNVD-2015-06093 // 
            
            
            
            VULHUB: VHN-80876 // 
            
            
            
            BID: 76701 // 
            
            
            
            JVNDB: JVNDB-2015-004893 // 
            
            
            
            CNNVD: CNNVD-201509-201 // 
            
            
            
            NVD: CVE-2015-2915

CREDITS
Joel Land of the CERT/CC
Trust: 0.3
sources:
            
            
            BID: 76701

SOURCES
db:CERT/CCid:VU#906576
db:CNVDid:CNVD-2015-06093
db:VULHUBid:VHN-80876
db:BIDid:76701
db:JVNDBid:JVNDB-2015-004893
db:CNNVDid:CNNVD-201509-201
db:NVDid:CVE-2015-2915

LAST UPDATE DATE
2025-04-13T23:03:49.472000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#906576date:2015-09-15T00:00:00
db:CNVDid:CNVD-2015-06093date:2015-09-22T00:00:00
db:VULHUBid:VHN-80876date:2015-09-30T00:00:00
db:BIDid:76701date:2015-09-10T00:00:00
db:JVNDBid:JVNDB-2015-004893date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-201date:2015-09-22T00:00:00
db:NVDid:CVE-2015-2915date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#906576date:2015-09-10T00:00:00
db:CNVDid:CNVD-2015-06093date:2015-09-22T00:00:00
db:VULHUBid:VHN-80876date:2015-09-21T00:00:00
db:BIDid:76701date:2015-09-10T00:00:00
db:JVNDBid:JVNDB-2015-004893date:2015-09-29T00:00:00
db:CNNVDid:CNNVD-201509-201date:2015-09-17T00:00:00
db:NVDid:CVE-2015-2915date:2015-09-21T10:59:03.257