CVE-2016-4845

Published on: 09/24/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:59 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Hvl-a from Iodata contain the following vulnerability:

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

  • CVE-2016-4845 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • JVN#35062083: Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery. Tags: Third Party Advisory. Link: jvn.jp (text/xml), JVN JVN#35062083
  • No Description Provided. Tags: Third Party Advisory, VDB Entry. Link: jvndb.jvn.jp (text/html), JVNDB JVNDB-2016-000134
  • About the cross-site request forgery vulnerability | IODATA I-O DATA DEVICE. Tags: Vendor Advisory. Link: www.iodata.jp (text/html), CONFIRM www.iodata.jp/support/information/2016/hvl-a_csrf/
  • Multiple I-O DATA DEVICE Products CVE-2016-4845 Cross Site Request Forgery Vulnerability. Link: cve.report (archive) (text/html), BID 92352

Exploit/POC from Github

Proof of concept for CSRF vulnerability(CVE-2016-4825) on IO-DATA Recording Hard Disc Drive

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Iodata | Hvl-a | - | All | All | All |
| Operating System | Iodata | Hvl-a2.0 Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-a3.0 Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-a4.0 Firmware | 2.03 | All | All | All |
| Hardware | Iodata | Hvl-at | - | All | All | All |
| Operating System | Iodata | Hvl-at1.0s Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at2.0a Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at2.0 Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at3.0a Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at3.0 Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at4.0a Firmware | 2.03 | All | All | All |
| Operating System | Iodata | Hvl-at4.0 Firmware | 2.03 | All | All | All |
| Hardware | Iodata | Hvl-ata | - | All | All | All |

  • cpe:2.3:h:iodata:hvl-a:-:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-a2.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-a3.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-a4.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:h:iodata:hvl-at:-:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at1.0s_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at2.0a_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at2.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at3.0a_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at3.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at4.0a_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:o:iodata:hvl-at4.0_firmware:2.03:*:*:*:*:*:*:*
  • cpe:2.3:h:iodata:hvl-ata:-:*:*:*:*:*:*:*