Cross site request forgery (csrf)

2016-09-2410:59:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

CPENameOperatorVersion
hvl-a2.0_firmwareeq2.03
hvl-a3.0_firmwareeq2.03
hvl-a4.0_firmwareeq2.03
hvl-at1.0s_firmwareeq2.03
hvl-at2.0_firmwareeq2.03
hvl-at2.0a_firmwareeq2.03
hvl-at3.0_firmwareeq2.03
hvl-at3.0a_firmwareeq2.03
hvl-at4.0_firmwareeq2.03
hvl-at4.0a_firmwareeq2.03

Name	Operator	Version
hvl-a2.0_firmware	eq	2.03
hvl-a3.0_firmware	eq	2.03
hvl-a4.0_firmware	eq	2.03
hvl-at1.0s_firmware	eq	2.03
hvl-at2.0_firmware	eq	2.03
hvl-at2.0a_firmware	eq	2.03
hvl-at3.0_firmware	eq	2.03
hvl-at3.0a_firmware	eq	2.03
hvl-at4.0_firmware	eq	2.03
hvl-at4.0a_firmware	eq	2.03