CVE-2017-8334

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*
cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:securifi:almond\+firmware:al-r096:*:*:*:*:*:*:*
cpe:2.3:h:securifi:almond\+:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*
cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*

Information

Published : 2019-06-18 14:15

Updated : 2019-06-20 18:46


NVD link : CVE-2017-8334

Mitre link : CVE-2017-8334


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

securifi

  • almond_2015_firmware
  • almond_2015
  • almond\+
  • almond
  • almond\+firmware
  • almond_firmware