CVE-2017-8333

Name of the Vulnerable Software and Affected Versions Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description An issue was discovered that allows command injection on the device. The device provides a user with the capability of adding new routes, and the POST parameters passed in this request can be set to pass commands to a "popen" API, resulting in command injection. The binary "goahead" contains the vulnerable function that receives the values sent by the POST request. The function sub 00420F38 receives the values sent in the POST request, and the value set in POST parameter dest is extracted and concatenated in a route add command, which is passed to a "popen" function. This allows an attacker to provide a payload of their choice and take control of the device.

Recommendations For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the goahead binary or restricting access to the route addition feature until a patch is available. As a temporary workaround, avoid using the dest parameter in the affected POST request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.