Home
Description
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
PUBLISHED Reserved 2025-07-02 | Published 2025-08-29 | Updated 2025-08-29 | Assigner jpcert
HIGH: 7.2CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Problem types
Improper neutralization of special elements used in an OS command ('OS Command Injection')
Product status
firmware version 1.03 and earlier
affected
firmware version 2.02t and earlier
affected
firmware version 1.03 and earlier
affected
firmware version 2.02t and earlier
affected
firmware version 1.02 and earlier
affected
firmware version 1.02 and earlier
affected
firmware version 1.05e and earlier
affected
firmware version 2.01 and earlier
affected
firmware version 1.11 and earlier
affected
firmware version 1.12 and earlier
affected
firmware version 1.03 and earlier
affected
firmware version 1.01 and earlier
affected
References
www.i-netd.co.jp/vulnerability/dceid-2025-001/
jvn.jp/en/jp/JVN50585992/
cve.org
(CVE-2025-53508)
nvd.nist.gov
(CVE-2025-53508)
Download JSON
