CVE-2025-53508

Summary

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].

Affected Software

VendorProductVersion RangeStatus
iND Co.,LtdHL330-DLS (for module MC7700)firmware version 1.03 and earlieraffected
iND Co.,LtdHL330-DLS (for module MC7330)firmware version 2.02t and earlieraffected
iND Co.,LtdHL320-DLS (for module MC7700)firmware version 1.03 and earlieraffected
iND Co.,LtdHL320-DLS (for module MC7330)firmware version 2.02t and earlieraffected
iND Co.,LtdLM-100firmware version 1.02 and earlieraffected
iND Co.,LtdLM-200 (for module AMP570)firmware version 1.02 and earlieraffected
iND Co.,LtdLM-200 (for module EC25-J)firmware version 1.05e and earlieraffected
iND Co.,LtdL2X Assistfirmware version 2.01 and earlieraffected
iND Co.,LtdL2X Assist-RS-Afirmware version 1.11 and earlieraffected
iND Co.,LtdL2X Assist-RS-Efirmware version 1.12 and earlieraffected
iND Co.,LtdF2L Assist-SS-Afirmware version 1.03 and earlieraffected
iND Co.,LtdF2L Assist-SS-Efirmware version 1.01 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References