Uriel Yochpaz

**Name of the Vulnerable Software and Affected Versions** RAD SecFlow-1v os-image version SF 0290 2.3.01.26 **Description** The issue is related to insufficient CSRF protections for the web UI on an affected device, allowing an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. An attacker could exploit this by persuading a user of the interface to follow a malicious link, potentially allowing the attacker to perform arbitrary actions with the privilege level of the affected user. **Recommendations** For RAD SecFlow-1v os-image version SF 0290 2.3.01.26, consider implementing additional CSRF protections for the web UI to prevent exploitation. As a temporary workaround, restrict access to the web-based management interface to minimize the risk of exploitation.