VYPR

Vendor CVEs

I-O DATA

All CVEs

44 total · sorted by risk
  • CVE-2025-32002CriMay 15, 2025
    risk 0.64cvss 9.8epss 0.02

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote unauthenticated attacker…

  • CVE-2016-7806CriJun 9, 2017
    risk 0.64cvss 9.8epss 0.04

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2142CriApr 28, 2017
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0663HigSep 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands…

  • CVE-2018-0661HigSep 7, 2018
    risk 0.57cvss 8.8epss 0.01

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific…

  • CVE-2017-2281HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2280HigAug 2, 2017
    risk 0.57cvss 8.8epss 0.01

    WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

  • CVE-2017-2223HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via…

  • CVE-2017-2113HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,…

  • CVE-2017-2112HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware…

  • CVE-2016-4845HigSep 24, 2016
    risk 0.57cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of…

  • CVE-2016-4820HigJun 19, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.

  • CVE-2017-2283HigAug 2, 2017
    risk 0.52cvss 8.0epss 0.01

    WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

  • CVE-2025-22450HigJan 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports.

  • CVE-2024-52564HigDec 5, 2024
    risk 0.49cvss 7.5epss 0.01

    Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be…

  • CVE-2017-10875HigNov 13, 2017
    risk 0.49cvss 7.5epss 0.01

    I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.

  • CVE-2016-7814HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.03

    I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.

  • CVE-2016-7807HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.

  • CVE-2025-20617HigJan 22, 2025
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen…

  • CVE-2024-47133HigDec 5, 2024
    risk 0.47cvss 7.2epss 0.01

    UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.

  • CVE-2016-7820HigJun 9, 2017
    risk 0.47cvss 7.2epss 0.03

    Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.

  • CVE-2016-7819HigJun 9, 2017
    risk 0.47cvss 7.2epss 0.02

    I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2141HigApr 28, 2017
    risk 0.47cvss 7.2epss 0.02

    WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.

  • CVE-2025-61865MedOct 23, 2025
    risk 0.44cvss 6.7epss 0.00

    Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2018-0662MedSep 7, 2018
    risk 0.44cvss 6.8epss 0.00

    Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary…

  • CVE-2018-0512MedFeb 8, 2018
    risk 0.44cvss 6.8epss 0.01

    Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

  • CVE-2017-2282MedAug 2, 2017
    risk 0.44cvss 6.8epss 0.01

    Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

  • CVE-2025-23237MedJan 22, 2025
    risk 0.43cvss 6.6epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed.

  • CVE-2024-45841MedDec 5, 2024
    risk 0.42cvss 6.5epss 0.00

    Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing…

  • CVE-2017-2111MedApr 28, 2017
    risk 0.40cvss 6.1epss 0.01

    HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18…

  • CVE-2017-2148MedApr 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-3887MedApr 13, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for…

  • CVE-2016-4821MedJun 19, 2016
    risk 0.35cvss 5.3epss 0.02

    I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.

  • CVE-2016-1207MedMay 14, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or…

  • CVE-2025-32738MedMay 15, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

  • CVE-2025-55075MedSep 17, 2025
    risk 0.32cvss 4.9epss 0.00

    Hidden functionality issue exists in WN-7D36QR and WN-7D36QR/UE. If this vulnerability is exploited, SSH may be enabled by a remote authenticated attacker.

  • CVE-2016-1206MedMay 14, 2016
    risk 0.28cvss 4.3epss 0.01

    The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.

  • CVE-2024-39300Aug 30, 2024
    risk 0.00cvss epss 0.00

    Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.

  • CVE-2015-2984Aug 22, 2015
    risk 0.00cvss epss 0.02

    I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.

  • CVE-2015-0869Feb 1, 2015
    risk 0.00cvss epss 0.02

    I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.

  • CVE-2014-3895Jul 29, 2014
    risk 0.00cvss epss 0.02

    The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera…

  • CVE-2013-4713Nov 1, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-4712Oct 19, 2013
    risk 0.00cvss epss 0.02

    I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

  • CVE-2008-5382Dec 9, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of…