iodata 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk cross-site scripting などに関し、一部は ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-29805 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | [email protected] | 9.8 | 2.36% | 2023-04-14 | 2025-02-06 |
| CVE-2023-29804 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | [email protected] | 8.8 | 17.49% | 2023-04-14 | 2025-02-06 |
| CVE-2019-19823 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wire | [email protected] | 7.5 | 6.41% | 2020-01-27 | 2024-11-21 |
| CVE-2019-19822 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER | [email protected] | 7.5 | 8.67% | 2020-01-27 | 2024-11-21 |
| CVE-2018-0663 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. | [email protected] | 8.8 | 1.62% | 2018-09-07 | 2024-11-21 |
| CVE-2018-0662 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. | [email protected] | 6.8 | 0.42% | 2018-09-07 | 2024-11-21 |
| CVE-2018-0661 | Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. | [email protected] | 8.8 | 0.64% | 2018-09-07 | 2024-11-21 |
| CVE-2018-0512 | Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | [email protected] | 6.8 | 0.69% | 2018-02-08 | 2024-11-21 |
| CVE-2017-10875 | I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. | [email protected] | 7.5 | 1.23% | 2017-11-13 | 2026-05-13 |
| CVE-2017-2283 | WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | [email protected] | 8.0 | 0.63% | 2017-08-02 | 2026-05-13 |
| CVE-2017-2282 | Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | [email protected] | 6.8 | 0.66% | 2017-08-02 | 2026-05-13 |
| CVE-2017-2281 | WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | [email protected] | 8.8 | 0.84% | 2017-08-02 | 2026-05-13 |
| CVE-2017-2280 | WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | [email protected] | 8.8 | 0.84% | 2017-08-02 | 2026-05-13 |
| CVE-2017-2223 | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | [email protected] | 8.8 | 0.91% | 2017-07-07 | 2026-05-13 |
| CVE-2016-7820 | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | [email protected] | 7.2 | 3.25% | 2017-06-09 | 2026-05-13 |
| CVE-2016-7819 | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | [email protected] | 7.2 | 2.20% | 2017-06-09 | 2026-05-13 |
| CVE-2016-7814 | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | [email protected] | 7.5 | 2.66% | 2017-06-09 | 2026-05-13 |
| CVE-2016-7807 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | [email protected] | 7.5 | 2.02% | 2017-06-09 | 2026-05-13 |
| CVE-2016-7806 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | [email protected] | 9.8 | 3.98% | 2017-06-09 | 2026-05-13 |
| CVE-2017-2148 | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 5.4 | 0.89% | 2017-04-28 | 2026-05-13 |