Lucene search

[email protected]CVE-2008-5382

HistoryDec 09, 2008 - 12:30 a.m.

CVE-2008-5382

2008-12-0900:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-5382

csrf

vulnerability

i-o data

hdl-f160

hdl-f250

hdl-f300

hdl-f320

firmware

remote attackers

configuration

delete files

authenticated user

nvd

security

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON

Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

i-o_datahlf-f160

i-o_datahlf-f250

i-o_datahlf-f300

i-o_datahlf-f320

CPENameOperatorVersion
i-o_data:hlf-f160i-o data hlf-f160eq*
i-o_data:hlf-f250i-o data hlf-f250eq*
i-o_data:hlf-f300i-o data hlf-f300eq*
i-o_data:hlf-f320i-o data hlf-f320eq*

CPE	Name	Operator	Version
i-o_data:hlf-f160	i-o data hlf-f160	eq	*
i-o_data:hlf-f250	i-o data hlf-f250	eq	*
i-o_data:hlf-f300	i-o data hlf-f300	eq	*
i-o_data:hlf-f320	i-o data hlf-f320	eq	*

References

jvn.jp/en/jp/JVN70599814/index.html

osvdb.org/50183

secunia.com/advisories/32836

www.iodata.jp/news/2008/important/hdl-f.htm

exchange.xforce.ibmcloud.com/vulnerabilities/46880

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2008-5382

jvn1 cvelist1 prion1 nvd1