Vulnerabilites related to I-O DATA DEVICE, INC. - HVL-AT4.0 firmware
jvndb-2016-000134
Vulnerability from jvndb
Published
2016-08-08 12:28
Modified
2016-10-24 18:27
Severity ?
Summary
Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery
Details
Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen.
kaito834 reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000134.html",
"dc:date": "2016-10-24T18:27+09:00",
"dcterms:issued": "2016-08-08T12:28+09:00",
"dcterms:modified": "2016-10-24T18:27+09:00",
"description": "Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen.\r\n\r\nkaito834 reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000134.html",
"sec:cpe": [
{
"#text": "cpe:/o:i-o_data_device:hvl-a2.0_firmware",
"@product": "HVL-A2.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-a3.0_firmware",
"@product": "HVL-A3.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-a4.0_firmware",
"@product": "HVL-A4.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at1.0s_firmware",
"@product": "HVL-AT1.0S firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at2.0a_firmware",
"@product": "HVL-AT2.0A firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at2.0_firmware",
"@product": "HVL-AT2.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at3.0a_firmware",
"@product": "HVL-AT3.0A firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at3.0_firmware",
"@product": "HVL-AT3.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at4.0a_firmware",
"@product": "HVL-AT4.0A firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/o:i-o_data_device:hvl-at4.0_firmware",
"@product": "HVL-AT4.0 firmware",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000134",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN35062083/index.html",
"@id": "JVN#35062083",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4845",
"@id": "CVE-2016-4845",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4845",
"@id": "CVE-2016-4845",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery"
}