CVE-2017-8328

Name of the Vulnerable Software and Affected Versions Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description The issue concerns the lack of cross-site request forgery protection on the web management interface, allowing an attacker to trick a logged-in user into changing a user's password. This is described as a systemic issue.

Recommendations For Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096, consider disabling the password change functionality for the web management interface until a patch is available. Restrict access to the web management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.