JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
CWE-352
CVE-2019-7391
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
CVE-2019-7402
An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfg_qqcode parameter. This can be exploited via CSRF.
CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a “Try again” button, which allows resending the failed request, making the CSRF attack successful.
CVE-2019-7357
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
CVE-2019-7262
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).