CVE-2017-8334

HIGH

Securifi Almond AL-R096 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.

References (3)

Core 3

Scores

CVSS v3 8.0
EPSS 0.0093
EPSS Percentile 56.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (3)
securifi/almond\+firmware al-r096
securifi/almond_2015_firmware al-r096
securifi/almond_firmware al-r096
Published Jun 18, 2019
Tracked Since Feb 18, 2026