CVE-2025-53508_CVE-2025-53508

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].

Basic Information

ID CVE-2025-53508

Source jpcert

Published Aug 29, 2025 at 04:14

Affected Product

Vendor iND Co.,Ltd

Product HL330-DLS (for module MC7700)

Version firmware version 1.03 and earlier

Affected Versions iND Co.,Ltd HL330-DLS (for module MC7700) firmware version 1.03 and earlier
iND Co.,Ltd HL330-DLS (for module MC7330) firmware version 2.02t and earlier
iND Co.,Ltd HL320-DLS (for module MC7700) firmware version 1.03 and earlier
iND Co.,Ltd HL320-DLS (for module MC7330) firmware version 2.02t and earlier
iND Co.,Ltd LM-100 firmware version 1.02 and earlier
iND Co.,Ltd LM-200 (for module AMP570) firmware version 1.02 and earlier
iND Co.,Ltd LM-200 (for module EC25-J) firmware version 1.05e and earlier
iND Co.,Ltd L2X Assist firmware version 2.01 and earlier
iND Co.,Ltd L2X Assist-RS-A firmware version 1.11 and earlier
iND Co.,Ltd L2X Assist-RS-E firmware version 1.12 and earlier
iND Co.,Ltd F2L Assist-SS-A firmware version 1.03 and earlier
iND Co.,Ltd F2L Assist-SS-E firmware version 1.01 and earlier

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].",
    "published": "2025-08-29T04:14:39.074Z",
    "modified": "2025-08-29T04:14:39.074Z",
    "type": "cve",
    "title": "CVE-2025-53508",
    "source": "jpcert",
    "references": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/\nhttps://jvn.jp/en/jp/JVN50585992/",
    "id": "CVE-2025-53508",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "iND Co.,Ltd HL330-DLS (for module MC7700) firmware version 1.03 and earlier\niND Co.,Ltd HL330-DLS (for module MC7330) firmware version 2.02t and earlier\niND Co.,Ltd HL320-DLS (for module MC7700) firmware version 1.03 and earlier\niND Co.,Ltd HL320-DLS (for module MC7330) firmware version 2.02t and earlier\niND Co.,Ltd LM-100 firmware version 1.02 and earlier\niND Co.,Ltd LM-200 (for module AMP570) firmware version 1.02 and earlier\niND Co.,Ltd LM-200 (for module EC25-J) firmware version 1.05e and earlier\niND Co.,Ltd L2X Assist firmware version 2.01 and earlier\niND Co.,Ltd L2X Assist-RS-A firmware version 1.11 and earlier\niND Co.,Ltd L2X Assist-RS-E firmware version 1.12 and earlier\niND Co.,Ltd F2L Assist-SS-A firmware version 1.03 and earlier\niND Co.,Ltd F2L Assist-SS-E firmware version 1.01 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HL330-DLS (for module MC7700)",
    "version": "firmware version 1.03 and earlier",
    "vendor": "iND Co.,Ltd",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}