I-O DATA
Products
64- 10 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- View all 64 products →
Recent CVEs
44| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32002 | Cri | 0.64 | 9.8 | 0.02 | May 15, 2025 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker… | ||
| CVE-2016-7806 | Cri | 0.64 | 9.8 | 0.04 | Jun 9, 2017 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2142 | Cri | 0.64 | 9.8 | 0.03 | Apr 28, 2017 | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0663 | Hig | 0.57 | 8.8 | 0.02 | Sep 7, 2018 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands… | ||
| CVE-2018-0661 | Hig | 0.57 | 8.8 | 0.01 | Sep 7, 2018 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific… | ||
| CVE-2017-2281 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2017 | WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2280 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2017 | WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | ||
| CVE-2017-2223 | Hig | 0.57 | 8.8 | 0.01 | Jul 7, 2017 | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via… | ||
| CVE-2017-2113 | Hig | 0.57 | 8.8 | 0.02 | Apr 28, 2017 | Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,… | ||
| CVE-2017-2112 | Hig | 0.57 | 8.8 | 0.02 | Apr 28, 2017 | TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware… | ||
| CVE-2016-4845 | Hig | 0.57 | 8.8 | 0.02 | Sep 24, 2016 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of… | ||
| CVE-2016-4820 | Hig | 0.57 | 8.8 | 0.01 | Jun 19, 2016 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2017-2283 | Hig | 0.52 | 8.0 | 0.01 | Aug 2, 2017 | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | ||
| CVE-2025-22450 | Hig | 0.49 | 7.5 | 0.00 | Jan 22, 2025 | Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. | ||
| CVE-2024-52564 | Hig | 0.49 | 7.5 | 0.01 | Dec 5, 2024 | Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be… | ||
| CVE-2017-10875 | Hig | 0.49 | 7.5 | 0.01 | Nov 13, 2017 | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | ||
| CVE-2016-7814 | Hig | 0.49 | 7.5 | 0.03 | Jun 9, 2017 | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | ||
| CVE-2016-7807 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2017 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | ||
| CVE-2025-20617 | Hig | 0.47 | 7.2 | 0.01 | Jan 22, 2025 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen… | ||
| CVE-2024-47133 | Hig | 0.47 | 7.2 | 0.01 | Dec 5, 2024 | UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. |
- risk 0.64cvss 9.8epss 0.02
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker…
- risk 0.64cvss 9.8epss 0.04
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands…
- risk 0.57cvss 8.8epss 0.01
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific…
- risk 0.57cvss 8.8epss 0.01
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via…
- risk 0.57cvss 8.8epss 0.02
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,…
- risk 0.57cvss 8.8epss 0.02
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware…
- risk 0.57cvss 8.8epss 0.02
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of…
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.
- risk 0.52cvss 8.0epss 0.01
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
- risk 0.49cvss 7.5epss 0.00
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.
- risk 0.49cvss 7.5epss 0.01
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be…
- risk 0.49cvss 7.5epss 0.01
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.
- risk 0.49cvss 7.5epss 0.03
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
- risk 0.47cvss 7.2epss 0.01
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen…
- risk 0.47cvss 7.2epss 0.01
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.