Details of VAR-201310-0460

ID

VAR-201310-0460

CVE

CVE-2013-4712

TITLE

HDL-A and HDL2-A Series vulnerable in session management

Trust: 0.8

sources: JVNDB: JVNDB-2013-000095

DESCRIPTION

I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. Following devices running firmware versions 1.07 and prior are vulnerable: HDL-A series including HDL-AS, HDL-AH and HDL-A/E HDL2-A series including HDL2-AH and HDL2-A/E

Trust: 2.52

sources: NVD: CVE-2013-4712 // JVNDB: JVNDB-2013-000095 // CNVD: CNVD-2013-14024 // BID: 63225 // VULHUB: VHN-64714

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14024

AFFECTED PRODUCTS

vendor:	iodata	model:	hdl2-ah	scope:	eq	version:	-	Trust: 1.6
vendor:	iodata	model:	hdl-as	scope:	eq	version:	-	Trust: 1.6
vendor:	iodata	model:	hdl-ah	scope:	eq	version:	-	Trust: 1.6
vendor:	iodata	model:	hdl-a\/e	scope:	eq	version:	-	Trust: 1.6
vendor:	iodata	model:	hdl2-a\/e	scope:	eq	version:	-	Trust: 1.6
vendor:	iodata	model:	hdl-a	scope:	lte	version:	1.07	Trust: 1.0
vendor:	iodata	model:	hdl2-a	scope:	eq	version:	1.07	Trust: 1.0
vendor:	i o data device	model:	hdl-a series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl-a series	scope:	lte	version:	(includes hdl-as, hdl-ah, hdl-a/e series) firmware version 1.07	Trust: 0.8
vendor:	i o data device	model:	hdl-a/e series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl-ah series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl-as series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl2-a series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl2-a series	scope:	lte	version:	(includes hdl2-ah, hdl2-a/e series) firmware version 1.07	Trust: 0.8
vendor:	i o data device	model:	hdl2-a/e series	scope:	-	version:	-	Trust: 0.8
vendor:	i o data device	model:	hdl2-ah series	scope:	-	version:	-	Trust: 0.8
vendor:	i o	model:	data hdl-a series	scope:	-	version:	-	Trust: 0.6
vendor:	i o	model:	data hdl2-a series	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-14024 // JVNDB: JVNDB-2013-000095 // CNNVD: CNNVD-201310-471 // NVD: CVE-2013-4712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4712
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2013-000095
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-14024
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-471
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-64714
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-4712
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2013-000095
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-14024
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-64714
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14024 // VULHUB: VHN-64714 // JVNDB: JVNDB-2013-000095 // CNNVD: CNNVD-201310-471 // NVD: CVE-2013-4712

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.1
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-64714 // JVNDB: JVNDB-2013-000095 // NVD: CVE-2013-4712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-471

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201310-471

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000095

PATCH

title:	I-O DATA DEVICE, INC. website	url:	http://www.iobb.net/remotelinkaccess/	Trust: 0.8
title:	Patch for Unknown Session Hijacking Vulnerabilities in Multiple I-O DATA Products	url:	https://www.cnvd.org.cn/patchInfo/show/40481	Trust: 0.6

sources: CNVD: CNVD-2013-14024 // JVNDB: JVNDB-2013-000095

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4712	Trust: 3.4
db:	JVNDB	id:	JVNDB-2013-000095	Trust: 3.1
db:	JVN	id:	JVN52509236	Trust: 3.1
db:	BID	id:	63225	Trust: 1.0
db:	CNNVD	id:	CNNVD-201310-471	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14024	Trust: 0.6
db:	JVN	id:	JVN#52509236	Trust: 0.6
db:	VULHUB	id:	VHN-64714	Trust: 0.1

sources: CNVD: CNVD-2013-14024 // VULHUB: VHN-64714 // BID: 63225 // JVNDB: JVNDB-2013-000095 // CNNVD: CNNVD-201310-471 // NVD: CVE-2013-4712

REFERENCES

url:	http://jvn.jp/en/jp/jvn52509236/index.html	Trust: 3.1
url:	http://jvn.jp/en/jp/jvn52509236/225184/index.html	Trust: 1.7
url:	http://rm2.iobb.net	Trust: 1.7
url:	http://jvndb.jvn.jp/jvndb/jvndb-2013-000095	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4712	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4712	Trust: 0.8
url:	http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000095.html	Trust: 0.6
url:	http://jvn.jp/jp/jvn52509236/index.html	Trust: 0.6
url:	http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000095.html	Trust: 0.6
url:	http:	Trust: 0.6

sources: CNVD: CNVD-2013-14024 // VULHUB: VHN-64714 // JVNDB: JVNDB-2013-000095 // CNNVD: CNNVD-201310-471 // NVD: CVE-2013-4712

CREDITS

Kazuki Hirota from Keio University Keiji Takeda Research Group.

Trust: 0.3

sources: BID: 63225

SOURCES

db:	CNVD	id:	CNVD-2013-14024
db:	VULHUB	id:	VHN-64714
db:	BID	id:	63225
db:	JVNDB	id:	JVNDB-2013-000095
db:	CNNVD	id:	CNNVD-201310-471
db:	NVD	id:	CVE-2013-4712

LAST UPDATE DATE

2025-04-11T23:19:27.462000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14024	date:	2013-10-24T00:00:00
db:	VULHUB	id:	VHN-64714	date:	2013-10-21T00:00:00
db:	BID	id:	63225	date:	2013-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-000095	date:	2013-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201310-471	date:	2013-10-21T00:00:00
db:	NVD	id:	CVE-2013-4712	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14024	date:	2013-10-24T00:00:00
db:	VULHUB	id:	VHN-64714	date:	2013-10-19T00:00:00
db:	BID	id:	63225	date:	2013-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-000095	date:	2013-10-18T00:00:00
db:	CNNVD	id:	CNNVD-201310-471	date:	2013-10-21T00:00:00
db:	NVD	id:	CVE-2013-4712	date:	2013-10-19T10:36:07.697