Search criteria
6 vulnerabilities found for WFS-SR01 by I-O DATA DEVICE, INC.
CVE-2016-7807 (GCVE-0-2016-7807)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN18228200/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94089 | vdb-entryx_refsource_BID |
| http://www.iodata.jp/support/information/2016/wfs-sr01/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WFS-SR01 |
Affected:
firmware version 1.10 and earlier
|
Date Public
2016-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WFS-SR01",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.10 and earlier"
}
]
}
],
"datePublic": "2016-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WFS-SR01",
"version": {
"version_data": [
{
"version_value": "firmware version 1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18228200",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94089"
},
{
"name": "http://www.iodata.jp/support/information/2016/wfs-sr01/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7807",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7806 (GCVE-0-2016-7806)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN18228200/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94089 | vdb-entryx_refsource_BID |
| http://www.iodata.jp/support/information/2016/wfs-sr01/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WFS-SR01 |
Affected:
firmware version 1.10 and earlier
|
Date Public
2016-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WFS-SR01",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.10 and earlier"
}
]
}
],
"datePublic": "2016-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WFS-SR01",
"version": {
"version_data": [
{
"version_value": "firmware version 1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18228200",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94089"
},
{
"name": "http://www.iodata.jp/support/information/2016/wfs-sr01/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7806",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7806 (GCVE-0-2016-7806)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN18228200/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94089 | vdb-entryx_refsource_BID |
| http://www.iodata.jp/support/information/2016/wfs-sr01/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WFS-SR01 |
Affected:
firmware version 1.10 and earlier
|
Date Public
2016-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WFS-SR01",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.10 and earlier"
}
]
}
],
"datePublic": "2016-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WFS-SR01",
"version": {
"version_data": [
{
"version_value": "firmware version 1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18228200",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94089"
},
{
"name": "http://www.iodata.jp/support/information/2016/wfs-sr01/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7806",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7807 (GCVE-0-2016-7807)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN18228200/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94089 | vdb-entryx_refsource_BID |
| http://www.iodata.jp/support/information/2016/wfs-sr01/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WFS-SR01 |
Affected:
firmware version 1.10 and earlier
|
Date Public
2016-11-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WFS-SR01",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.10 and earlier"
}
]
}
],
"datePublic": "2016-11-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18228200",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WFS-SR01",
"version": {
"version_data": [
{
"version_value": "firmware version 1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18228200",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN18228200/index.html"
},
{
"name": "94089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94089"
},
{
"name": "http://www.iodata.jp/support/information/2016/wfs-sr01/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7807",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2016-000215
Vulnerability from jvndb - Published: 2016-11-02 16:21 - Updated:2017-11-27 16:42
Severity
Summary
Access restriction bypass vulnerability in WFS-SR01
Details
WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function".
I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000215.html",
"dc:date": "2017-11-27T16:42+09:00",
"dcterms:issued": "2016-11-02T16:21+09:00",
"dcterms:modified": "2017-11-27T16:42+09:00",
"description": "WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in \"Pocket Router Function\". \r\n\r\nI-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000215.html",
"sec:cpe": {
"#text": "cpe:/h:i-o_data_device:wfs-sr01",
"@product": "WFS-SR01",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000215",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN18228200/index.html",
"@id": "JVN#18228200",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7807",
"@id": "CVE-2016-7807",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7807",
"@id": "CVE-2016-7807",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-nocwe",
"@title": "No Mapping(CWE-nocwe)"
}
],
"title": "Access restriction bypass vulnerability in WFS-SR01"
}
JVNDB-2016-000214
Vulnerability from jvndb - Published: 2016-11-02 16:20 - Updated:2017-11-27 16:42
Severity
Summary
Command injection vulnerability in WFS-SR01
Details
WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function".
I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000214.html",
"dc:date": "2017-11-27T16:42+09:00",
"dcterms:issued": "2016-11-02T16:20+09:00",
"dcterms:modified": "2017-11-27T16:42+09:00",
"description": "WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in \"Pocket Router Function\". \r\n\r\nI-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000214.html",
"sec:cpe": {
"#text": "cpe:/h:i-o_data_device:wfs-sr01",
"@product": "WFS-SR01",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000214",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN18228200/index.html",
"@id": "JVN#18228200",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7806",
"@id": "CVE-2016-7806",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7806",
"@id": "CVE-2016-7806",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-nocwe",
"@title": "No Mapping(CWE-nocwe)"
}
],
"title": "Command injection vulnerability in WFS-SR01"
}