CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-32738: Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If...

5.3 CVSS

Description

Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

Classification

CVE ID: CVE-2025-32738

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem Types

Missing authentication for critical function

Affected Products

Vendor: I-O DATA DEVICE, INC.

Product: HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV, HDL-T3WH

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 22.93% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32738
https://www.iodata.jp/support/information/2025/05_hdl-t/
https://jvn.jp/en/vu/JVNVU91726405/

Timeline

2025-05-15 09:40:11 UTC
CVE

Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If...