CVE-2016-4845

HIGH

I-O DATA HVL-A2.0/A3.0/A4.0/AT1.0S/AT2.0/AT3.0/AT4.0/AT2.0A/AT3.0A/AT4.0A < 2.04 CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4845. PoCs published by kaito834.

AI-analyzed exploit summary The repository contains only a README with minimal information about a CSRF vulnerability (CVE-2016-4845) in IO-DATA Recording Hard Disc Drive, but no actual exploit code or technical details.

Description

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.

Exploits (1)

nomisec STUB
by kaito834 · poc
https://github.com/kaito834/cve-2016-4845_csrf

The repository contains only a README with minimal information about a CSRF vulnerability (CVE-2016-4845) in IO-DATA Recording Hard Disc Drive, but no actual exploit code or technical details.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: IO-DATA Recording Hard Disc Drive
No auth needed
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.iodata.jp/support/information/2016/hvl-a_csrf/
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000134
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92352
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN35062083/index.html

Scores

CVSS v3 8.8
EPSS 0.0238
EPSS Percentile 81.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (10)
iodata/hvl-a2.0_firmware 2.03
iodata/hvl-a3.0_firmware 2.03
iodata/hvl-a4.0_firmware 2.03
iodata/hvl-at1.0s_firmware 2.03
iodata/hvl-at2.0_firmware 2.03
iodata/hvl-at2.0a_firmware 2.03
iodata/hvl-at3.0_firmware 2.03
iodata/hvl-at3.0a_firmware 2.03
iodata/hvl-at4.0_firmware 2.03
iodata/hvl-at4.0a_firmware 2.03
Published Sep 24, 2016
Tracked Since Feb 18, 2026