Authentication Bypass in I-O DATA Network Attached Hard Disk HDL-T Series
CVE-2025-32738

6.9MEDIUM

Key Information:

Vendor: I-o Data Device, Inc.
Status: Hdl-tc1; Hdl-tc500; Hdl-t1nv; Hdl-t1wh
Vendor: CVE Published:; 15 May 2025

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2025-32738?

A security vulnerability has been identified in the firmware of I-O DATA's HDL-T Series network-attached hard disk. Specifically, versions 1.21 and earlier are affected by a missing authentication issue, which could allow remote unauthenticated attackers to modify critical product settings. This flaw poses a substantial risk as it enables unauthorized changes that could compromise the integrity and security of the device and its stored data.

Affected Version(s)

HDL-T1NV Ver.1.21 and earlier

HDL-T1WH Ver.1.21 and earlier

HDL-T2NV Ver.1.21 and earlier

References

https://www.iodata.jp/support/information/2025/05_hdl-t/

https://jvn.jp/en/vu/JVNVU91726405/

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2025
Vulnerability Reserved
Apr 15, 2025