CVE-2017-8335

Name of the Vulnerable Software and Affected Versions Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description An issue was discovered in the device's handling of wireless network names. The device stores these values in NVRAM and does not perform a string length check on the POST parameters, allowing an attacker to send a large payload in the mssid 1 parameter. This can lead to a stack overflow when the device processes a request to view the wireless network name, enabling an attacker to control the device by executing a payload of their choice. The vulnerable function is located in the goahead binary and follows a MIPS little endian format.

Recommendations For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the getCfgToHTML function until a patch is available to prevent exploitation. Restrict access to the goahead binary to minimize the risk of exploitation. Avoid using the mssid 1 parameter in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.