CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1207
https://notcve.org/view.php?id=CVE-2016-1207
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en dispositivos I-O DATA DEVICE WN-G300R con firmware 1.12 y versiones anteriores, dispositivos WN-G300R2 con firmware 1.12 y versiones anteriores, y dispositivos WN-G300R3 con firmware 1.01 y versiones anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN22978346/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000062 http://www.iodata.jp/support/information/2016/wn-g300r_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2984
https://notcve.org/view.php?id=CVE-2015-2984
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. Vulnerabilidad en routers I-O DATA DEVICE WN-G con firmware anterior a 1.03 y en routers NP-BBRS permite a atacantes remotos causar una denegación de servicio (SSDP reflection) a través de peticiones UPnP. • http://jvn.jp/en/jp/JVN17964918/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000117 http://www.iodata.jp/support/information/2015/wn-g54r2 http://www.securityfocus.com/bid/76393 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3895
https://notcve.org/view.php?id=CVE-2014-3895
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. La camera I-O DATA TS-WLCAM con firmware 1.06 y anteriores, la camera TS-WLCAM/V con firmware 1.06 y anteriores, la camera TS-WPTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM con firmware 1.08 y anteriores, la camera TS-PTCAM/POE con firmware 1.08 y anteriores y la camera TS-WLC2 con firmware 1.02 y anteriores permiten a atacantes remotos evadir la autenticación, y como consecuencia obtener información sensible de credenciales y datos de configuración, a través de vectores no especificados. • http://jvn.jp/en/jp/JVN94592501/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000087 http://www.iodata.jp/support/information/2014/qwatch • CWE-287: Improper Authentication •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4713
https://notcve.org/view.php?id=CVE-2013-4713
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad cross-site scripting (XSS) en I-O DATA DEVICE RockDisk con el firmware anterior a 1.05e1-2.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN74608669/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000096 http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4712
https://notcve.org/view.php?id=CVE-2013-4712
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. Dispositivos I-O DATA DEVICE HDL-A y HDL2-A con firmware 1.07 y anteriores no gestionan adecuadamente las sesiones, lo que permite a atacantes remotos obtener información sensible o modificar datos mediante vectores no especificados. • http://jvn.jp/en/jp/JVN52509236/225184/index.html http://jvn.jp/en/jp/JVN52509236/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000095 http://rm2.iobb.net • CWE-399: Resource Management Errors •