Refine your search
1 vulnerability found for HDL-F Series by I-O DATA DEVICE, INC.
jvndb-2008-000079
Vulnerability from jvndb
Published
2008-12-02 15:50
Modified
2008-12-02 15:50
Summary
I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability
Details
The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability.
The HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices are done through a web-based interface. This web interface is vulnerable to cross-site request forgery.
Firmware updates addressing this vulnerability have been provided by the vendor since August 28, 2008.
Takayuki Ogiso reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000079.html",
"dc:date": "2008-12-02T15:50+09:00",
"dcterms:issued": "2008-12-02T15:50+09:00",
"dcterms:modified": "2008-12-02T15:50+09:00",
"description": "The HDL-F series products from I-O DATA DEVICE, INC. are LAN connectable hard disk drives. The web interface for administration in the products contains a cross-site request forgery vulnerability.\r\n\r\nThe HDL-F series products provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. Configuration of these devices are done through a web-based interface. This web interface is vulnerable to cross-site request forgery.\r\n\r\nFirmware updates addressing this vulnerability have been provided by the vendor since August 28, 2008.\r\n\r\nTakayuki Ogiso reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000079.html",
"sec:cpe": {
"#text": "cpe:/h:i-o_data_device:hlf-f",
"@product": "HDL-F Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN70599814/index.html",
"@id": "JVN#70599814",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5382",
"@id": "CVE-2008-5382",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5382",
"@id": "CVE-2008-5382",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200811_iodata_en.html",
"@id": "Security Alert for I-O DATA DEVICE HDL-F Series Vulnerability",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://secunia.com/advisories/32836",
"@id": "SA32836",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/50183",
"@id": "50183",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000079.html",
"@id": "JVNDB-2008-000079",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "I-O DATA DEVICE HDL-F series cross-site request forgery vulnerability"
}