VYPR
Vendor

I-O DATA

Products
64
CVEs
44
Across products
111
Status
Private

Products

64
View all 64 products →

Recent CVEs

44
View all 44 CVEs →
  • CVE-2025-32002CriMay 15, 2025
    risk 0.64cvss 9.8epss 0.02

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker…

  • CVE-2016-7806CriJun 9, 2017
    risk 0.64cvss 9.8epss 0.04

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2142CriApr 28, 2017
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0663HigSep 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands…

  • CVE-2018-0661HigSep 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific…

  • CVE-2017-2281HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2280HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

  • CVE-2017-2223HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via…

  • CVE-2017-2113HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,…

  • CVE-2017-2112HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware…

  • CVE-2016-4845HigSep 24, 2016
    risk 0.57cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of…

  • CVE-2016-4820HigJun 19, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2017-2283HigAug 2, 2017
    risk 0.52cvss 8.0epss 0.01

    WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

  • CVE-2025-22450HigJan 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.

  • CVE-2024-52564HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be…

  • CVE-2017-10875HigNov 13, 2017
    risk 0.49cvss 7.5epss 0.01

    I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.

  • CVE-2016-7814HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.03

    I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.

  • CVE-2016-7807HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.

  • CVE-2025-20617HigJan 22, 2025
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen…

  • CVE-2024-47133HigDec 5, 2024
    risk 0.47cvss 7.2epss 0.01

    UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.