ID

VAR-201906-0772


CVE

CVE-2017-8331


TITLE

Command injection vulnerability in the firmware of multiple Securifi Almond devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-014536

DESCRIPTION

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device lets a user add new port forwarding rules. The POST parameters passed in this request to set up routes on the device can be set in such a way that commands are passed to a "system" API in the handling function, resulting in command injection on the device.

If the firmware version AL-R096 is dissected using the binwalk tool, we obtain a cpio-root archive containing the filesystem set up on the device, including all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. Opening this binary in IDA Pro shows that it follows a MIPS little endian format. The function sub_43C280 in IDA Pro is identified as receiving the values sent in the POST request, and the value set in the POST parameter "ip_address" is extracted at address 0x0043C2F0. The POST parameter "ipaddress" is concatenated at address 0x0043C958, and this is passed to a "system" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device.

The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Securifi Almond is a wireless router with a touch screen.

Trust: 2.34

sources: NVD: CVE-2017-8331 // JVNDB: JVNDB-2017-014536 // CNVD: CNVD-2019-18745 // VULHUB: VHN-116534 // VULMON: CVE-2017-8331

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18745

AFFECTED PRODUCTS

vendor: securifi | model: almond 2015 | scope: eq | version: al-r096

Trust: 1.8

vendor: securifi | model: almond | scope: eq | version: al-r096

Trust: 1.8

vendor: securifi | model: almond\+ | scope: eq | version: al-r096

Trust: 1.0

vendor: securifi | model: almond+ | scope: eq | version: al-r096

Trust: 0.8

vendor: securifi | model: almond+ al-r096 | scope: - | version: -

Trust: 0.6

vendor: securifi | model: almond-2015 al-r096 | scope: - | version: -

Trust: 0.6

vendor: securifi | model: almond al-r096 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2019-18745 // JVNDB: JVNDB-2017-014536 // NVD: CVE-2017-8331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8331
value: HIGH

Trust: 1.0

NVD: CVE-2017-8331
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-18745
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-711
value: HIGH

Trust: 0.6

VULHUB: VHN-116534
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-8331
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8331
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-18745
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116534
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8331
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18745 // VULHUB: VHN-116534 // VULMON: CVE-2017-8331 // JVNDB: JVNDB-2017-014536 // CNNVD: CNNVD-201906-711 // NVD: CVE-2017-8331

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-116534 // JVNDB: JVNDB-2017-014536 // NVD: CVE-2017-8331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-711

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-711

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014536

PATCH

title: almond | url: https://www.securifi.com/ja/almond

Trust: 0.8

title: almondplus | url: https://www.securifi.com/ja/almondplus

Trust: 0.8

title: almond-2015 | url: https://www.securifi.com/ja/almond-2015

Trust: 0.8

title: Patch for SecurifiAlmond Command Injection Vulnerability (CNVD-2019-18745) | url: https://www.cnvd.org.cn/patchInfo/show/164223

Trust: 0.6

title: Securifi Almond Fixes for command injection vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93896

Trust: 0.6

title: IoT_vulnerabilities | url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: CNVD: CNVD-2019-18745 // VULMON: CVE-2017-8331 // JVNDB: JVNDB-2017-014536 // CNNVD: CNNVD-201906-711

EXTERNAL IDS

db: NVD | id: CVE-2017-8331

Trust: 3.3

db: PACKETSTORM | id: 153227

Trust: 2.5

db: JVNDB | id: JVNDB-2017-014536

Trust: 0.8

db: CNNVD | id: CNNVD-201906-711

Trust: 0.7

db: CNVD | id: CNVD-2019-18745

Trust: 0.6

db: VULHUB | id: VHN-116534

Trust: 0.1

db: VULMON | id: CVE-2017-8331

Trust: 0.1

sources: CNVD: CNVD-2019-18745 // VULHUB: VHN-116534 // VULMON: CVE-2017-8331 // JVNDB: JVNDB-2017-014536 // PACKETSTORM: 153227 // CNNVD: CNNVD-201906-711 // NVD: CVE-2017-8331

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf

Trust: 3.2

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 2.4

url:http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-8331

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8331

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8328

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8332

Trust: 0.1

sources: CNVD: CNVD-2019-18745 // VULHUB: VHN-116534 // VULMON: CVE-2017-8331 // JVNDB: JVNDB-2017-014536 // PACKETSTORM: 153227 // CNNVD: CNNVD-201906-711 // NVD: CVE-2017-8331

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153227

SOURCES

db: CNVD | id: CNVD-2019-18745
db: VULHUB | id: VHN-116534
db: VULMON | id: CVE-2017-8331
db: JVNDB | id: JVNDB-2017-014536
db: PACKETSTORM | id: 153227
db: CNNVD | id: CNNVD-201906-711
db: NVD | id: CVE-2017-8331

LAST UPDATE DATE

2024-11-23T21:52:10.253000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-18745 | date: 2019-06-21T00:00:00
db: VULHUB | id: VHN-116534 | date: 2019-06-21T00:00:00
db: VULMON | id: CVE-2017-8331 | date: 2019-06-21T00:00:00
db: JVNDB | id: JVNDB-2017-014536 | date: 2019-06-25T00:00:00
db: CNNVD | id: CNNVD-201906-711 | date: 2019-06-24T00:00:00
db: NVD | id: CVE-2017-8331 | date: 2024-11-21T03:33:46.623

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-18745 | date: 2019-06-21T00:00:00
db: VULHUB | id: VHN-116534 | date: 2019-06-18T00:00:00
db: VULMON | id: CVE-2017-8331 | date: 2019-06-18T00:00:00
db: JVNDB | id: JVNDB-2017-014536 | date: 2019-06-25T00:00:00
db: PACKETSTORM | id: 153227 | date: 2019-06-07T15:06:02
db: CNNVD | id: CNNVD-201906-711 | date: 2019-06-18T00:00:00
db: NVD | id: CVE-2017-8331 | date: 2019-06-18T20:15:11.813