excito B3 tor webinterface is vulnerable to CSRF attacks
The excito B3 webinterface (v2.4.1.1) is vulnerable to CSRF attacks (HTTP POST only). This is likely not specific to the tor administration webinterface but also affects tor.
An attacker could exploit this vulnerability to enable/disable/configure tor on the B3 if the victim browses the web while being logged in on the B3 device.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information