How severe is CVE-2017-8334?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2017-8334?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2017-8334 - HIGH Severity | CVSS 8

Vulnerability Description

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.

Related Vulnerabilities

CVE-2014-100005

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for req...

CWE-3522014

CVE-2015-2142

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause...

CWE-3522015

CVE-2015-4630

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack th...

CWE-3522015

CVE-2015-7284

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.

CWE-3522015

CVE-2015-7925

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware u...

CWE-3522015

CVE-2015-8152

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for ...

CWE-3522015