ID
VAR-201311-0283
CVE
CVE-2013-4713
TITLE
RockDisk vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04n-2.0.1 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.03v3-1.13 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04a-1.2 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.03w-1.14 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04m-2.0.1 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.03y-1.16 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04r3-2.0.1 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04t-2.0.2 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04b-1.21 | Trust: 1.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | iodata | model: | rockdisk | scope: | lte | version: | 1.05c-2.0.3 | Trust: 1.0 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.04d-2.0.1 | Trust: 1.0 |
| vendor: | i o data device | model: | rockdisk | scope: | - | version: | - | Trust: 0.8 |
| vendor: | i o data device | model: | rockdisk | scope: | lte | version: | version 1.05e1-2.0.5 | Trust: 0.8 |
| vendor: | i o | model: | data rockdisk nas 1.05c-2.0.3 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | iodata | model: | rockdisk | scope: | eq | version: | 1.05c-2.0.3 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | I-O DATA DEVICE, INC. website | url: | http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx | Trust: 0.8 |
| title: | I-O DATA RockDisk NAS has patches for unidentified cross-site scripting vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/40628 | Trust: 0.6 |
EXTERNAL IDS
| db: | JVNDB | id: | JVNDB-2013-000096 | Trust: 3.9 |
| db: | NVD | id: | CVE-2013-4713 | Trust: 3.4 |
| db: | JVN | id: | JVN74608669 | Trust: 3.1 |
| db: | BID | id: | 63392 | Trust: 1.6 |
| db: | SECUNIA | id: | 55463 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2013-14194 | Trust: 0.6 |
| db: | JVN | id: | JVN#74608669 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201310-720 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-64715 | Trust: 0.1 |
REFERENCES
| url: | http://jvn.jp/en/jp/jvn74608669/index.html | Trust: 3.1 |
| url: | http://jvndb.jvn.jp/jvndb/jvndb-2013-000096 | Trust: 3.1 |
| url: | http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4713 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4713 | Trust: 0.8 |
| url: | http://secunia.com/advisories/55463/ | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/63392 | Trust: 0.6 |
CREDITS
Yuji Tounai of bogus.jp
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2013-14194 |
| db: | VULHUB | id: | VHN-64715 |
| db: | BID | id: | 63392 |
| db: | JVNDB | id: | JVNDB-2013-000096 |
| db: | CNNVD | id: | CNNVD-201310-720 |
| db: | NVD | id: | CVE-2013-4713 |
LAST UPDATE DATE
2025-04-11T23:10:35.095000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-14194 | date: | 2013-11-01T00:00:00 |
| db: | VULHUB | id: | VHN-64715 | date: | 2013-11-21T00:00:00 |
| db: | BID | id: | 63392 | date: | 2013-11-01T01:01:00 |
| db: | JVNDB | id: | JVNDB-2013-000096 | date: | 2014-07-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-720 | date: | 2013-11-04T00:00:00 |
| db: | NVD | id: | CVE-2013-4713 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-14194 | date: | 2013-11-01T00:00:00 |
| db: | VULHUB | id: | VHN-64715 | date: | 2013-11-01T00:00:00 |
| db: | BID | id: | 63392 | date: | 2013-10-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-000096 | date: | 2013-10-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201310-720 | date: | 2013-10-31T00:00:00 |
| db: | NVD | id: | CVE-2013-4713 | date: | 2013-11-01T02:55:04.933 |