Search a vulnerability

All the vulnerabilites related to I-O DATA DEVICE, INC. - HDL-T Series

jvndb-2025-005057

Vulnerability from jvndb

Published

2025-05-15 18:27

Modified

2025-05-15 18:27

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'

Details

Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. <ul> <li>OS command injection (CWE-78)</li> <ul> <li>Affected when 'Remote Link3 function' is enabled</li> <li>CVE-2025-32002</li> </ul> <li>Missing authentication for critical function (CWE-306)</li> <ul><li>CVE-2025-32738</li></ul> </ul> Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU91726405/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-32002
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-32738
	Missing Authentication for Critical Function(CWE-306)	https://cwe.mitre.org/data/definitions/306.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	I-O DATA DEVICE, INC.	HDL-T Series

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005057.html",
  "dc:date": "2025-05-15T18:27+09:00",
  "dcterms:issued": "2025-05-15T18:27+09:00",
  "dcterms:modified": "2025-05-15T18:27+09:00",
  "description": "Network attached hard disk \u0027HDL-T Series\u0027 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eOS command injection (CWE-78)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eAffected when \u0027Remote Link3 function\u0027 is enabled\u003c/li\u003e\r\n\u003cli\u003eCVE-2025-32002\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eMissing authentication for critical function (CWE-306)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-32738\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\n\r\nChuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005057.html",
  "sec:cpe": {
    "#text": "cpe:/h:i-o_data_device:hdl-t",
    "@product": "HDL-T Series",
    "@vendor": "I-O DATA DEVICE, INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-005057",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU91726405/index.html",
      "@id": "JVNVU#91726405",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-32002",
      "@id": "CVE-2025-32002",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-32738",
      "@id": "CVE-2025-32738",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in I-O DATA network attached hard disk \u0027HDL-T Series\u0027"
}

jvndb-2018-000007

Vulnerability from jvndb

Published

2018-02-06 14:22

Modified

2018-04-11 11:51

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

Details

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN36048131/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0512
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	I-O DATA DEVICE, INC.	BX-VP1
	I-O DATA DEVICE, INC.	GV-NTX1
	I-O DATA DEVICE, INC.	GV-NTX2
	I-O DATA DEVICE, INC.	HDL-A Series
	I-O DATA DEVICE, INC.	HDL-AH Series
	I-O DATA DEVICE, INC.	HDL-GT Series
	I-O DATA DEVICE, INC.	HDL-GTR Series
	I-O DATA DEVICE, INC.	HDL-T Series
	I-O DATA DEVICE, INC.	HDL-XR Series
	I-O DATA DEVICE, INC.	HDL-XR2U Series
	I-O DATA DEVICE, INC.	HDL-XR2UW Series
	I-O DATA DEVICE, INC.	HDL-XRW Series
	I-O DATA DEVICE, INC.	HDL-XV Series
	I-O DATA DEVICE, INC.	HDL-XVW Series
	I-O DATA DEVICE, INC.	HDL2-A Series
	I-O DATA DEVICE, INC.	HDL2-AH Series
	I-O DATA DEVICE, INC.	HFAS1 Series
	I-O DATA DEVICE, INC.	HLS-C Series
	I-O DATA DEVICE, INC.	HVL-A series
	I-O DATA DEVICE, INC.	HVL-AT series
	I-O DATA DEVICE, INC.	HVL-ATA series
	I-O DATA DEVICE, INC.	HVL-S Series
	I-O DATA DEVICE, INC.	WHG-AC1750/AL
	I-O DATA DEVICE, INC.	WHG-AC1750/A
	I-O DATA DEVICE, INC.	WHG-NAPG/A
	I-O DATA DEVICE, INC.	WHG-NAPG/AL
	I-O DATA DEVICE, INC.	WN-AC1167DGR
	I-O DATA DEVICE, INC.	WN-AC1300EX
	I-O DATA DEVICE, INC.	WN-AC1600DGR
	I-O DATA DEVICE, INC.	WN-AC583RK
	I-O DATA DEVICE, INC.	WN-AC583TRK
	I-O DATA DEVICE, INC.	WN-AG300DGR
	I-O DATA DEVICE, INC.	WN-AG750DGR
	I-O DATA DEVICE, INC.	WN-AX1167GR
	I-O DATA DEVICE, INC.	WN-G300EX
	I-O DATA DEVICE, INC.	WN-G300R
	I-O DATA DEVICE, INC.	WN-G300R3
	I-O DATA DEVICE, INC.	WN-G300SR
	I-O DATA DEVICE, INC.	WN-GX300GR
	I-O DATA DEVICE, INC.	WNPR1167F
	I-O DATA DEVICE, INC.	WNPR1167G
	I-O DATA DEVICE, INC.	WNPR1750G
	I-O DATA DEVICE, INC.	WNPR2600G

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
  "dc:date": "2018-04-11T11:51+09:00",
  "dcterms:issued": "2018-02-06T14:22+09:00",
  "dcterms:modified": "2018-04-11T11:51+09:00",
  "description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc.  Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:i-o_data_device:bx-vp1",
      "@product": "BX-VP1",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:gv-ntx1",
      "@product": "GV-NTX1",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:gv-ntx2",
      "@product": "GV-NTX2",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-a",
      "@product": "HDL-A Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-ah",
      "@product": "HDL-AH Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-gt",
      "@product": "HDL-GT Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-gtr",
      "@product": "HDL-GTR Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-t",
      "@product": "HDL-T Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr",
      "@product": "HDL-XR Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr2u",
      "@product": "HDL-XR2U Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
      "@product": "HDL-XR2UW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xrw",
      "@product": "HDL-XRW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xv",
      "@product": "HDL-XV Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xvw",
      "@product": "HDL-XVW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl2-a",
      "@product": "HDL2-A Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl2-ah",
      "@product": "HDL2-AH Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hfas1",
      "@product": "HFAS1 Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hls-c",
      "@product": "HLS-C Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-a",
      "@product": "HVL-A series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-at",
      "@product": "HVL-AT series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-ata",
      "@product": "HVL-ATA series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-s",
      "@product": "HVL-S Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
      "@product": "WHG-AC1750/AL",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-ac1750a",
      "@product": "WHG-AC1750/A",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-napga",
      "@product": "WHG-NAPG/A",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-napgal",
      "@product": "WHG-NAPG/AL",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
      "@product": "WN-AC1167DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
      "@product": "WN-AC1300EX",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
      "@product": "WN-AC1600DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac583rk",
      "@product": "WN-AC583RK",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac583trk",
      "@product": "WN-AC583TRK",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
      "@product": "WN-AG300DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
      "@product": "WN-AG750DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
      "@product": "WN-AX1167GR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300ex",
      "@product": "WN-G300EX",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300r",
      "@product": "WN-G300R",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300r3",
      "@product": "WN-G300R3",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300sr",
      "@product": "WN-G300SR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-gx300gr",
      "@product": "WN-GX300GR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1167f",
      "@product": "WNPR1167F",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1167g",
      "@product": "WNPR1167G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1750g",
      "@product": "WNPR1750G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr2600g",
      "@product": "WNPR2600G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000007",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
      "@id": "JVN#36048131",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
      "@id": "CVE-2018-0512",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
      "@id": "CVE-2018-0512",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}