CVE-2016-4845
Last modified
CVE-2016-4845 is a vulnerability of currently unknown severity. Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. EPSS estimates a 2.38% chance of exploitation in the next 30 days.
Description
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Iodata | Hvl-A2.0 Firmware | 2.03 |
| Iodata | Hvl-A3.0 Firmware | 2.03 |
| Iodata | Hvl-A4.0 Firmware | 2.03 |
| Iodata | Hvl-At1.0s Firmware | 2.03 |
| Iodata | Hvl-At2.0 Firmware | 2.03 |
| Iodata | Hvl-At2.0a Firmware | 2.03 |
| Iodata | Hvl-At3.0 Firmware | 2.03 |
| Iodata | Hvl-At3.0a Firmware | 2.03 |
| Iodata | Hvl-At4.0 Firmware | 2.03 |
| Iodata | Hvl-At4.0a Firmware | 2.03 |
References
- http://jvn.jp/en/jp/JVN35062083/index.html (Third Party Advisory)
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000134 (Third Party Advisory, VDB Entry)
- http://www.iodata.jp/support/information/2016/hvl-a_csrf/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
