Vulnerability Details : CVE-2013-4712
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2013-4712
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4712
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-4712
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4712
-
http://jvn.jp/en/jp/JVN52509236/225184/index.html
Japan Vulnerability Notes/Information from I-O DATA DEVICE, INC.
-
http://jvn.jp/en/jp/JVN52509236/index.html
JVN#52509236: HDL-A and HDL2-A Series vulnerable in session management
-
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000095
JVNDB-2013-000095 - JVN iPedia - 脆弱性対策情報データベース
-
http://rm2.iobb.net
Dynamic DNS Service - iobb.net
Products affected by CVE-2013-4712
- cpe:2.3:h:iodata:hdl2-ah:-:*:*:*:*:*:*:*
- cpe:2.3:h:iodata:hdl2-a\/e:-:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl2-a_firmware:1.07:*:*:*:*:*:*:*
- cpe:2.3:h:iodata:hdl-as:-:*:*:*:*:*:*:*
- cpe:2.3:h:iodata:hdl-ah:-:*:*:*:*:*:*:*
- cpe:2.3:h:iodata:hdl-a\/e:-:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-a_firmware:*:*:*:*:*:*:*:*