Описание
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:iodata:hvl-a2.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-a3.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-a4.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at1.0s_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at2.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at2.0a_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at3.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at3.0a_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at4.0_firmware:2.03:*:*:*:*:*:*:*
cpe:2.3:o:iodata:hvl-at4.0a_firmware:2.03:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:iodata:hvl-a:-:*:*:*:*:*:*:*
cpe:2.3:h:iodata:hvl-at:-:*:*:*:*:*:*:*
cpe:2.3:h:iodata:hvl-ata:-:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05576
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
EPSS
Процентиль: 90%
0.05576
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352