Vulnerabilities > Iodata

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2113 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata products
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-119
8.3
2017-04-28 CVE-2017-2112 OS Command Injection vulnerability in Iodata products
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-78
8.3
2017-04-28 CVE-2017-2111 CRLF Injection vulnerability in Iodata products
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.
network
iodata CWE-93
4.3
2017-04-13 CVE-2014-3887 Cross-site Scripting vulnerability in Iodata Rockdisk Firmware
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
iodata CWE-79
3.5
2016-09-24 CVE-2016-4845 Cross-Site Request Forgery (CSRF) vulnerability in Iodata products
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
network
iodata CWE-352
6.8
2016-06-19 CVE-2016-4821 Denial of Service vulnerability in I-O DATA DEVICE ETX-R
I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.
network
low complexity
iodata
5.0
2016-06-19 CVE-2016-4820 Cross-Site Request Forgery (CSRF) vulnerability in Iodata Etx-R Firmware
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.
network
iodata CWE-352
6.8
2016-05-14 CVE-2016-1207 Cross-site Scripting vulnerability in Iodata products
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
iodata CWE-79
3.5
2016-05-14 CVE-2016-1206 Information Exposure vulnerability in Iodata Wn-Gdn/R3 Firmware
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.
low complexity
iodata CWE-200
3.3
2015-08-22 CVE-2015-2984 Permissions, Privileges, and Access Controls vulnerability in Iodata Wn-G54/R2 Firmware
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
network
low complexity
iodata CWE-264
5.0