← Back

CVE-2016-4845

nvd nist
Published: Sep 24, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

Affected (10)

Iodata
10 products
Hvl A2.0 Firmware
Hvl A3.0 Firmware
Hvl A4.0 Firmware
Hvl At1.0s Firmware
Hvl At2.0 Firmware
Hvl At2.0a Firmware
Hvl At3.0 Firmware
Hvl At3.0a Firmware
Hvl At4.0 Firmware
Hvl At4.0a Firmware
Configuration A
10 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Hvl A2.0 Firmware
Version 2.03
Hvl A3.0 Firmware
Version 2.03
Hvl A4.0 Firmware
Version 2.03
Hvl At1.0s Firmware
Version 2.03
Hvl At2.0 Firmware
Version 2.03
Hvl At2.0a Firmware
Version 2.03
Hvl At3.0 Firmware
Version 2.03
Hvl At3.0a Firmware
Version 2.03
Hvl At4.0 Firmware
Version 2.03
Hvl At4.0a Firmware
Version 2.03
Running on/withPlatform Versions
Iodata
Hvl A
All versions
Iodata
Hvl At
All versions
Iodata
Hvl Ata
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Third Party AdvisoryVDB Entry
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.