Vulnerabilities > Iodata > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-0662 | Unspecified vulnerability in Iodata products Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. low complexity iodata | 6.8 |
| 2018-02-08 | CVE-2018-0512 | OS Command Injection vulnerability in Iodata products Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. | 6.8 |
| 2017-08-02 | CVE-2017-2282 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata Wn-Ax1167Gr Firmware 3.00 Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | 6.8 |
| 2017-04-28 | CVE-2017-2148 | Cross-site Scripting vulnerability in Iodata Wn-Ac1167Gr Firmware 1.04 Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2111 | CRLF Injection vulnerability in Iodata products HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. | 6.1 |
| 2017-04-13 | CVE-2014-3887 | Cross-site Scripting vulnerability in Iodata Rockdisk Firmware Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-06-19 | CVE-2016-4821 | Unspecified vulnerability in Iodata Etx-R Firmware I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | 5.3 |
| 2016-05-14 | CVE-2016-1207 | Cross-site Scripting vulnerability in Iodata products Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-05-14 | CVE-2016-1206 | Information Exposure vulnerability in Iodata Wn-Gdn/R3 Firmware The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. | 4.3 |