CVE-2015-2917 Information

Description

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME (2) IFRAME or (3) OBJECT element.

Reference

http://www.kb.cert.org/vuls/id/906576