A successful CSRF attack could force the user to perform state changing requests on the application. If the victim is an administrative account, a CSRF attack could compromise the entire web application.

Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device.