CVE-2017-8334

Name of the Vulnerable Software and Affected Versions Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096

Description An issue was discovered where the device does not implement any cross-site scripting forgery protection mechanism. This allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.

Recommendations For firmware AL-R096, consider disabling access to the web management interface until a patch is available to prevent cross-site scripting attacks. Restrict access to the device's web management interface to minimize the risk of exploitation. Avoid using the web management interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.