CVE-2025-53507

Summary

Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].

Affected Software

VendorProductVersion RangeStatus
iND Co.,LtdHL330-DLS (for module MC7700)firmware version 1.03 and earlieraffected
iND Co.,LtdHL330-DLS (for module MC7330)firmware version 2.02t and earlieraffected
iND Co.,LtdHL320-DLS (for module MC7700)firmware version 1.03 and earlieraffected
iND Co.,LtdHL320-DLS (for module MC7330)firmware version 2.02t and earlieraffected
iND Co.,LtdLM-100firmware version 1.02 and earlieraffected
iND Co.,LtdLM-200 (for module AMP570)firmware version 1.02 and earlieraffected
iND Co.,LtdLM-200 (for module EC25-J)firmware version 1.05e and earlieraffected
iND Co.,LtdL2X Assistfirmware version 2.01 and earlieraffected
iND Co.,LtdL2X Assist-RS-Afirmware version 1.11 and earlieraffected
iND Co.,LtdL2X Assist-RS-Efirmware version 1.12 and earlieraffected
iND Co.,LtdF2L Assist-SS-Afirmware version 1.03 and earlieraffected
iND Co.,LtdF2L Assist-SS-Efirmware version 1.01 and earlieraffected

Weaknesses

  • CWE-922: Insecure storage of sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References