Refine your search
2 vulnerabilities found for HDL-T Series by I-O DATA DEVICE, INC.
jvndb-2025-005057
Vulnerability from jvndb
Published
2025-05-15 18:27
Modified
2025-05-15 18:27
Severity ?
Summary
Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'
Details
Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities.
<ul>
<li>OS command injection (CWE-78)</li>
<ul>
<li>Affected when 'Remote Link3 function' is enabled</li>
<li>CVE-2025-32002</li>
</ul>
<li>Missing authentication for critical function (CWE-306)</li>
<ul><li>CVE-2025-32738</li></ul>
</ul>
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005057.html",
"dc:date": "2025-05-15T18:27+09:00",
"dcterms:issued": "2025-05-15T18:27+09:00",
"dcterms:modified": "2025-05-15T18:27+09:00",
"description": "Network attached hard disk \u0027HDL-T Series\u0027 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eOS command injection (CWE-78)\u003c/li\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eAffected when \u0027Remote Link3 function\u0027 is enabled\u003c/li\u003e\r\n\u003cli\u003eCVE-2025-32002\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\n\u003cli\u003eMissing authentication for critical function (CWE-306)\u003c/li\u003e\r\n\u003cul\u003e\u003cli\u003eCVE-2025-32738\u003c/li\u003e\u003c/ul\u003e\r\n\u003c/ul\u003e\r\n\r\nChuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-005057.html",
"sec:cpe": {
"#text": "cpe:/h:i-o_data_device:hdl-t",
"@product": "HDL-T Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-005057",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91726405/index.html",
"@id": "JVNVU#91726405",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-32002",
"@id": "CVE-2025-32002",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-32738",
"@id": "CVE-2025-32738",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in I-O DATA network attached hard disk \u0027HDL-T Series\u0027"
}
jvndb-2018-000007
Vulnerability from jvndb
Published
2018-02-06 14:22
Modified
2018-04-11 11:51
Severity ?
Summary
Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
Details
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78).
Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"dc:date": "2018-04-11T11:51+09:00",
"dcterms:issued": "2018-02-06T14:22+09:00",
"dcterms:modified": "2018-04-11T11:51+09:00",
"description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"sec:cpe": [
{
"#text": "cpe:/h:i-o_data_device:bx-vp1",
"@product": "BX-VP1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx1",
"@product": "GV-NTX1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx2",
"@product": "GV-NTX2",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-a",
"@product": "HDL-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-ah",
"@product": "HDL-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gt",
"@product": "HDL-GT Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gtr",
"@product": "HDL-GTR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-t",
"@product": "HDL-T Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr",
"@product": "HDL-XR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2u",
"@product": "HDL-XR2U Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
"@product": "HDL-XR2UW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xrw",
"@product": "HDL-XRW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xv",
"@product": "HDL-XV Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xvw",
"@product": "HDL-XVW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-a",
"@product": "HDL2-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-ah",
"@product": "HDL2-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hfas1",
"@product": "HFAS1 Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hls-c",
"@product": "HLS-C Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-a",
"@product": "HVL-A series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-at",
"@product": "HVL-AT series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-ata",
"@product": "HVL-ATA series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-s",
"@product": "HVL-S Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
"@product": "WHG-AC1750/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750a",
"@product": "WHG-AC1750/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napga",
"@product": "WHG-NAPG/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napgal",
"@product": "WHG-NAPG/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
"@product": "WN-AC1167DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
"@product": "WN-AC1300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
"@product": "WN-AC1600DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583rk",
"@product": "WN-AC583RK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583trk",
"@product": "WN-AC583TRK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
"@product": "WN-AG300DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
"@product": "WN-AG750DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
"@product": "WN-AX1167GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300ex",
"@product": "WN-G300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r",
"@product": "WN-G300R",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r3",
"@product": "WN-G300R3",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300sr",
"@product": "WN-G300SR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-gx300gr",
"@product": "WN-GX300GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167f",
"@product": "WNPR1167F",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167g",
"@product": "WNPR1167G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1750g",
"@product": "WNPR1750G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr2600g",
"@product": "WNPR2600G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
"@id": "JVN#36048131",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}