Vulnerability Note VU#906576
Securifi Almond routers contains multiple vulnerabilities
Securifi Almond, firmware version AL1-R200-L302-W33 and earlier, and Securifi Almond 2015, firmware version AL2-R088 and earlier, contain multiple vulnerabilities.
CWE-330: Use of Insufficiently Random Values - CVE-2015-2914
Securifi Almond and Almond 2015 use static source ports for all DNS queries originating from the local area network (LAN). Additionally, DNS queries originating from the Almond itself, such as those to resolve the name of the firmware update server, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause Almond LAN clients to contact incorrect or malicious hosts under the attacker's control.
A remote, unauthenticated attacker may be able to spoof DNS responses to cause Almond LAN clients to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request.
Apply an update
Limit usage of web management
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Securifi||Affected||09 Jul 2015||24 Aug 2015|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.
- CVE IDs: CVE-2015-2914 CVE-2015-2915 CVE-2015-2916 CVE-2015-2917
- Date Public: 10 Sep 2015
- Date First Published: 10 Sep 2015
- Date Last Updated: 15 Sep 2015
- Document Revision: 30
If you have feedback, comments, or additional information about this vulnerability, please send us email.