PT-2019-8618 · Securifi · Securifi Almond+3

Mandar Satam · Published 2019-06-18 · Updated 2019-06-21 · CVE-2017-8331

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description

An issue was discovered that allows command injection on the device. The device provides a user with the capability of adding new port forwarding rules, and the POST parameters passed in this request can be set to pass commands to a "system" API, resulting in command injection. The binary "goahead" contains the vulnerable function that receives the values sent by the POST request. The function sub_43C280 receives the values sent in the POST request, and the value set in POST parameter ip address is extracted and concatenated, then passed to a "system" function, allowing an attacker to provide a payload of their choice and take control of the device.

Recommendations

For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the goahead binary or restricting access to the port forwarding rules feature until a patch is available. As a temporary workaround, avoid using the ip address parameter in the affected POST request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
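
The Description above traces the flaw to the ip address POST parameter being concatenated into a string handed to "system". As an added example (not code from the firmware, the vendor or this advisory), the C helper below shows the defensive counterpart: the address is parsed strictly and then rebuilt from the parsed binary value, so no byte of the request is carried through. The function names and the port field are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal port (1..65535); reject signs, spaces and trailing bytes. */
static int parse_port(const char *s, unsigned *out)
{
    char *end = NULL;
    unsigned long v;
    if (s == NULL || s[0] < '0' || s[0] > '9')
        return -1;
    v = strtoul(s, &end, 10);
    if (*end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = (unsigned)v;
    return 0;
}

/*
 * Hypothetical helper (not from the firmware): validate the "ip address" and
 * port form fields, then write a canonical "a.b.c.d:port" string rebuilt from
 * the parsed values. Returns 0 on success, -1 if a field is not well-formed
 * or the output buffer is too small.
 */
int forward_target(const char *ip, const char *port, char *out, size_t outlen)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];
    unsigned p;
    int n;
    if (ip == NULL || inet_pton(AF_INET, ip, &addr) != 1)
        return -1;              /* rejects "1.2.3.4;x", hostnames, "" */
    if (parse_port(port, &p) != 0)
        return -1;
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s:%u", canon, p);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[32];
    /* Constructed inputs: one well-formed, one with a shell metacharacter. */
    printf("%d\n", forward_target("192.168.1.10", "8080", buf, sizeof buf));
    printf("%d\n", forward_target("192.168.1.10;x", "8080", buf, sizeof buf));
    return 0;
}
```

A handler built this way would pass the canonical string as a single argv element to an exec-family call instead of composing a command line for a shell.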

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2017-8331

Affected Products

Almond 2015
Almond+
Securifi Almond
Goahead