Vendor CVEs
I-O DATA
All CVEs
44 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32002 | Cri | 0.64 | 9.8 | 0.02 | May 15, 2025 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker… | ||
| CVE-2016-7806 | Cri | 0.64 | 9.8 | 0.04 | Jun 9, 2017 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2142 | Cri | 0.64 | 9.8 | 0.03 | Apr 28, 2017 | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0663 | Hig | 0.57 | 8.8 | 0.02 | Sep 7, 2018 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands… | ||
| CVE-2018-0661 | Hig | 0.57 | 8.8 | 0.01 | Sep 7, 2018 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific… | ||
| CVE-2017-2281 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2017 | WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2280 | Hig | 0.57 | 8.8 | 0.01 | Aug 2, 2017 | WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | ||
| CVE-2017-2223 | Hig | 0.57 | 8.8 | 0.01 | Jul 7, 2017 | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via… | ||
| CVE-2017-2113 | Hig | 0.57 | 8.8 | 0.02 | Apr 28, 2017 | Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,… | ||
| CVE-2017-2112 | Hig | 0.57 | 8.8 | 0.02 | Apr 28, 2017 | TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware… | ||
| CVE-2016-4845 | Hig | 0.57 | 8.8 | 0.02 | Sep 24, 2016 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of… | ||
| CVE-2016-4820 | Hig | 0.57 | 8.8 | 0.01 | Jun 19, 2016 | Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2017-2283 | Hig | 0.52 | 8.0 | 0.01 | Aug 2, 2017 | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | ||
| CVE-2025-22450 | Hig | 0.49 | 7.5 | 0.00 | Jan 22, 2025 | Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. | ||
| CVE-2024-52564 | Hig | 0.49 | 7.5 | 0.01 | Dec 5, 2024 | Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be… | ||
| CVE-2017-10875 | Hig | 0.49 | 7.5 | 0.01 | Nov 13, 2017 | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | ||
| CVE-2016-7814 | Hig | 0.49 | 7.5 | 0.03 | Jun 9, 2017 | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | ||
| CVE-2016-7807 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2017 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | ||
| CVE-2025-20617 | Hig | 0.47 | 7.2 | 0.01 | Jan 22, 2025 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen… | ||
| CVE-2024-47133 | Hig | 0.47 | 7.2 | 0.01 | Dec 5, 2024 | UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. | ||
| CVE-2016-7820 | Hig | 0.47 | 7.2 | 0.03 | Jun 9, 2017 | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | ||
| CVE-2016-7819 | Hig | 0.47 | 7.2 | 0.02 | Jun 9, 2017 | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2141 | Hig | 0.47 | 7.2 | 0.02 | Apr 28, 2017 | WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2025-61865 | Med | 0.44 | 6.7 | 0.00 | Oct 23, 2025 | Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||
| CVE-2018-0662 | Med | 0.44 | 6.8 | 0.00 | Sep 7, 2018 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary… | ||
| CVE-2018-0512 | Med | 0.44 | 6.8 | 0.01 | Feb 8, 2018 | Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-2282 | Med | 0.44 | 6.8 | 0.01 | Aug 2, 2017 | Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | ||
| CVE-2025-23237 | Med | 0.43 | 6.6 | 0.01 | Jan 22, 2025 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed. | ||
| CVE-2024-45841 | Med | 0.42 | 6.5 | 0.00 | Dec 5, 2024 | Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing… | ||
| CVE-2017-2111 | Med | 0.40 | 6.1 | 0.01 | Apr 28, 2017 | HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18… | ||
| CVE-2017-2148 | Med | 0.35 | 5.4 | 0.01 | Apr 28, 2017 | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2014-3887 | Med | 0.35 | 5.4 | 0.01 | Apr 13, 2017 | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for… | ||
| CVE-2016-4821 | Med | 0.35 | 5.3 | 0.02 | Jun 19, 2016 | I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. | ||
| CVE-2016-1207 | Med | 0.35 | 5.4 | 0.01 | May 14, 2016 | Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or… | ||
| CVE-2025-32738 | Med | 0.34 | 5.3 | 0.00 | May 15, 2025 | Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings. | ||
| CVE-2025-55075 | Med | 0.32 | 4.9 | 0.00 | Sep 17, 2025 | Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker. | ||
| CVE-2016-1206 | Med | 0.28 | 4.3 | 0.01 | May 14, 2016 | The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. | ||
| CVE-2024-39300 | 0.00 | — | 0.00 | Aug 30, 2024 | Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | |||
| CVE-2015-2984 | 0.00 | — | 0.02 | Aug 22, 2015 | I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||
| CVE-2015-0869 | 0.00 | — | 0.02 | Feb 1, 2015 | I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||
| CVE-2014-3895 | 0.00 | — | 0.02 | Jul 29, 2014 | The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera… | |||
| CVE-2013-4713 | 0.00 | — | 0.01 | Nov 1, 2013 | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4712 | 0.00 | — | 0.02 | Oct 19, 2013 | I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2008-5382 | 0.00 | — | 0.01 | Dec 9, 2008 | Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of… |
- risk 0.64cvss 9.8epss 0.02
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker…
- risk 0.64cvss 9.8epss 0.04
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands…
- risk 0.57cvss 8.8epss 0.01
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific…
- risk 0.57cvss 8.8epss 0.01
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via…
- risk 0.57cvss 8.8epss 0.02
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,…
- risk 0.57cvss 8.8epss 0.02
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware…
- risk 0.57cvss 8.8epss 0.02
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of…
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.
- risk 0.52cvss 8.0epss 0.01
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
- risk 0.49cvss 7.5epss 0.00
Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.
- risk 0.49cvss 7.5epss 0.01
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be…
- risk 0.49cvss 7.5epss 0.01
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.
- risk 0.49cvss 7.5epss 0.03
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
- risk 0.47cvss 7.2epss 0.01
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen…
- risk 0.47cvss 7.2epss 0.01
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
- risk 0.47cvss 7.2epss 0.03
Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.
- risk 0.47cvss 7.2epss 0.02
I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
- risk 0.47cvss 7.2epss 0.02
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
- risk 0.44cvss 6.7epss 0.00
Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- risk 0.44cvss 6.8epss 0.00
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary…
- risk 0.44cvss 6.8epss 0.01
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.44cvss 6.8epss 0.01
Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
- risk 0.43cvss 6.6epss 0.01
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed.
- risk 0.42cvss 6.5epss 0.00
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing…
- risk 0.40cvss 6.1epss 0.01
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18…
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for…
- risk 0.35cvss 5.3epss 0.02
I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or…
- risk 0.34cvss 5.3epss 0.00
Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.
- risk 0.32cvss 4.9epss 0.00
Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.
- risk 0.28cvss 4.3epss 0.01
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.
- CVE-2024-39300Aug 30, 2024risk 0.00cvss —epss 0.00
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.
- CVE-2015-2984Aug 22, 2015risk 0.00cvss —epss 0.02
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
- CVE-2015-0869Feb 1, 2015risk 0.00cvss —epss 0.02
I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
- CVE-2014-3895Jul 29, 2014risk 0.00cvss —epss 0.02
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera…
- CVE-2013-4713Nov 1, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4712Oct 19, 2013risk 0.00cvss —epss 0.02
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
- CVE-2008-5382Dec 9, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of…