Command Injection Vulnerability in I-O DATA Device Firmware
CVE-2016-7819

7.2HIGH

Key Information:

Vendor

I-o Data Device, Inc.

Status
Ts-wrlp
Ts-wrla
Vendor
CVE Published:
9 June 2017

What is CVE-2016-7819?

The I-O DATA Device firmware exhibits a command injection vulnerability that permits an attacker with administrative rights to execute arbitrary operating system commands. This can be achieved through various unspecified vectors, potentially compromising the security and integrity of the device. Users of the affected firmware versions are strongly advised to apply the necessary updates to safeguard against such exploits.

Affected Version(s)

TS-WRLA firmware version 1.01.02 and earlier

TS-WRLP firmware version 1.01.02 and earlier

References

http://www.securityfocus.com/bid/94594
vdb-entryx_refsource_BID
http://www.iodata.jp/support/information/2016/ts-wrlap_2/
x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN25059363/index.html
third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-7819 : Command Injection Vulnerability in I-O DATA Device Firmware