CVE-2015-2914 : Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which makes it easier for remote attackers to spoof responses by using this number for the destination port, a different vulnerability than CVE-2015-7296.

Published 2015-09-21 10:59:02

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2015-2914

Securifi » Almond-2015 Firmware
Versions up to, including, (<=) al2-r088
cpe:2.3:o:securifi:almond-2015_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Securifi » Almond-2015
Securifi » Almond Firmware
Versions up to, including, (<=) al1-r201exp10-l304-w33
cpe:2.3:o:securifi:almond_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Securifi » Almond

Exploit prediction scoring system (EPSS) score for CVE-2015-2914

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2914

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2015-2914

http://www.kb.cert.org/vuls/id/906576

VU#906576 - Securifi Almond routers contains multiple vulnerabilities
Patch;Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-2914

Products affected by CVE-2015-2914

Exploit prediction scoring system (EPSS) score for CVE-2015-2914

CVSS scores for CVE-2015-2914

References for CVE-2015-2914