CVE-2017-8330

Name of the Vulnerable Software and Affected Versions Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description An issue was discovered in the UPnP functionality of the devices, where the NewInMessage SOAP parameter passed with a huge payload results in crashing the process. The miniupnpd binary contains the vulnerable function that receives the values sent by the SOAP request. The function WscDevPutMessage at address 0x0041DBB8 receives the values sent in the SOAP request, and the NewInMessage parameter received at address 0x0041DC30 causes the miniupnpd process to crash when a second request is sent to the same process.

Recommendations For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the miniupnpd binary or restricting access to the UPnP functionality as a temporary workaround until a patch is available. Avoid using the NewInMessage SOAP parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.