Home

Description

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].

PUBLISHED Reserved 2025-07-02 | Published 2025-08-29 | Updated 2025-08-29 | Assigner jpcert




HIGH: 7.2CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

firmware version 1.03 and earlier
affected

firmware version 2.02t and earlier
affected

firmware version 1.03 and earlier
affected

firmware version 2.02t and earlier
affected

firmware version 1.02 and earlier
affected

firmware version 1.02 and earlier
affected

firmware version 1.05e and earlier
affected

firmware version 2.01 and earlier
affected

firmware version 1.11 and earlier
affected

firmware version 1.12 and earlier
affected

firmware version 1.03 and earlier
affected

firmware version 1.01 and earlier
affected

References

www.i-netd.co.jp/vulnerability/dceid-2025-001/

jvn.jp/en/jp/JVN50585992/

cve.org (CVE-2025-53508)

nvd.nist.gov (CVE-2025-53508)

Download JSON