Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by iND Co.,Ltd
JVNDB-2025-000067
Vulnerability from jvndb - Published: 2025-08-29 14:47 - Updated:2025-08-29 14:47
Severity
Summary
Multiple vulnerabilities in multiple iND products
Details
Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below.
- Insecure storage of sensitive information (CWE-922) - CVE-2025-53507
- OS command injection (CWE-78) - CVE-2025-53508
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000067.html",
"dc:date": "2025-08-29T14:47+09:00",
"dcterms:issued": "2025-08-29T14:47+09:00",
"dcterms:modified": "2025-08-29T14:47+09:00",
"description": "Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eInsecure storage of sensitive information (CWE-922) - CVE-2025-53507\u003c/li\u003e\r\n\u003cli\u003eOS command injection (CWE-78) - CVE-2025-53508\u003c/li\u003e\u003c/ul\u003e\r\nHL330-DLS, HL320-DLS\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nLM-100, LM-200, L2X Assist, L2X Assist-RS-A, L2X Assist-RS-E, F2L Assist-SS-A, F2L Assist-SS-E\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000067.html",
"sec:cpe": [
{
"#text": "cpe:/o:misc:ind_f2l",
"@product": "F2L",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_hl320-dls",
"@product": "HL320-DLS",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_hl330-dls",
"@product": "HL330-DLS",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_l2x",
"@product": "L2X",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_lm-100",
"@product": "LM-100",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_lm-200",
"@product": "LM-200",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000067",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN50585992/index.html",
"@id": "JVN#50585992",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53507",
"@id": "CVE-2025-53507",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53508",
"@id": "CVE-2025-53508",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in multiple iND products"
}
CVE-2025-53508 (GCVE-0-2025-53508)
Vulnerability from cvelistv5 – Published: 2025-08-29 04:14 – Updated: 2025-08-29 12:04
VLAI
Summary
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL330-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | LM-100 |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module AMP570) |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module EC25-J) |
Affected:
firmware version 1.05e and earlier
|
|
| iND Co.,Ltd | L2X Assist |
Affected:
firmware version 2.01 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-A |
Affected:
firmware version 1.11 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-E |
Affected:
firmware version 1.12 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-A |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-E |
Affected:
firmware version 1.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:04:26.201302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:04:32.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:14:39.074Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53508",
"datePublished": "2025-08-29T04:14:39.074Z",
"dateReserved": "2025-07-02T00:52:40.812Z",
"dateUpdated": "2025-08-29T12:04:32.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53507 (GCVE-0-2025-53507)
Vulnerability from cvelistv5 – Published: 2025-08-29 04:13 – Updated: 2025-08-29 12:05
VLAI
Summary
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-922 - Insecure storage of sensitive information
Assigner
References
2 references
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL330-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | LM-100 |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module AMP570) |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module EC25-J) |
Affected:
firmware version 1.05e and earlier
|
|
| iND Co.,Ltd | L2X Assist |
Affected:
firmware version 2.01 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-A |
Affected:
firmware version 1.11 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-E |
Affected:
firmware version 1.12 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-A |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-E |
Affected:
firmware version 1.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:05:21.370891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:05:32.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:13:58.310Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53507",
"datePublished": "2025-08-29T04:13:58.310Z",
"dateReserved": "2025-07-02T00:52:40.811Z",
"dateUpdated": "2025-08-29T12:05:32.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53508 (GCVE-0-2025-53508)
Vulnerability from nvd – Published: 2025-08-29 04:14 – Updated: 2025-08-29 12:04
VLAI
Summary
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL330-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | LM-100 |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module AMP570) |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module EC25-J) |
Affected:
firmware version 1.05e and earlier
|
|
| iND Co.,Ltd | L2X Assist |
Affected:
firmware version 2.01 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-A |
Affected:
firmware version 1.11 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-E |
Affected:
firmware version 1.12 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-A |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-E |
Affected:
firmware version 1.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:04:26.201302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:04:32.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:14:39.074Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53508",
"datePublished": "2025-08-29T04:14:39.074Z",
"dateReserved": "2025-07-02T00:52:40.812Z",
"dateUpdated": "2025-08-29T12:04:32.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53507 (GCVE-0-2025-53507)
Vulnerability from nvd – Published: 2025-08-29 04:13 – Updated: 2025-08-29 12:05
VLAI
Summary
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-922 - Insecure storage of sensitive information
Assigner
References
2 references
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL330-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | HL320-DLS (for module MC7330) |
Affected:
firmware version 2.02t and earlier
|
|
| iND Co.,Ltd | LM-100 |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module AMP570) |
Affected:
firmware version 1.02 and earlier
|
|
| iND Co.,Ltd | LM-200 (for module EC25-J) |
Affected:
firmware version 1.05e and earlier
|
|
| iND Co.,Ltd | L2X Assist |
Affected:
firmware version 2.01 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-A |
Affected:
firmware version 1.11 and earlier
|
|
| iND Co.,Ltd | L2X Assist-RS-E |
Affected:
firmware version 1.12 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-A |
Affected:
firmware version 1.03 and earlier
|
|
| iND Co.,Ltd | F2L Assist-SS-E |
Affected:
firmware version 1.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:05:21.370891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:05:32.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:13:58.310Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53507",
"datePublished": "2025-08-29T04:13:58.310Z",
"dateReserved": "2025-07-02T00:52:40.811Z",
"dateUpdated": "2025-08-29T12:05:32.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}