Skip to main content

Almond Firmware CVE-2015-2915

HIGH
Credentials Management Errors (CWE-255)
2015-09-21 cret@cert.org
7.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:A/AC:L/Au:N/C:P/I:P/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:L/Au:N/C:P/I:P/A:C
Attack Vector
Adjacent
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
C

Lifecycle Timeline

1
CVE Published
Sep 21, 2015 - 10:59 cve.org
HIGH 7.3

DescriptionCVE.org

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet.

AnalysisAI

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-255. Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. Affected products include: Securifi Almond Firmware, Securifi Almond-2015 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2015-2915 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy