CVE-2025-32738

CVSS 6.9 MEDIUMEPSS 0.4%CWE-306

Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

I-O DATA DEVICE, INC. · HDL-T1NV I-O DATA DEVICE, INC. · HDL-T1WH I-O DATA DEVICE, INC. · HDL-T2NV I-O DATA DEVICE, INC. · HDL-T2WH I-O DATA DEVICE, INC. · HDL-T3NV I-O DATA DEVICE, INC. · HDL-T3WH I-O DATA DEVICE, INC. · HDL-TC1 I-O DATA DEVICE, INC. · HDL-TC500

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/en/vu/JVNVU91726405/https://www.iodata.jp/support/information/2025/05_hdl-t/