All the vulnerabilites related to iND Co.,Ltd - HL330-DLS (for module MC7700)
cve-2025-53508
Vulnerability from cvelistv5
Published
2025-08-29 04:14
Modified
2025-08-29 12:04
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:04:26.201302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:04:32.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:14:39.074Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53508",
"datePublished": "2025-08-29T04:14:39.074Z",
"dateReserved": "2025-07-02T00:52:40.812Z",
"dateUpdated": "2025-08-29T12:04:32.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-53507
Vulnerability from cvelistv5
Published
2025-08-29 04:13
Modified
2025-08-29 12:05
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:05:21.370891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:05:32.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:13:58.310Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53507",
"datePublished": "2025-08-29T04:13:58.310Z",
"dateReserved": "2025-07-02T00:52:40.811Z",
"dateUpdated": "2025-08-29T12:05:32.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}