CVE-2025-53508

HIGH

iND Co.,Ltd HL330-DLS, HL320-DLS, LM-100, LM-200 - OS Command Injection

Title source: llm

Description

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].

References (2)

Core 2

Core References

Various Sources

https://www.i-netd.co.jp/vulnerability/dceid-2025-001/

Third Party Advisory

https://jvn.jp/en/jp/JVN50585992/

Scores

CVSS v3 7.2

EPSS 0.0129

EPSS Percentile 66.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (12)

iND Co.,Ltd/F2L Assist-SS-A firmware version 1.03 and earlier

iND Co.,Ltd/F2L Assist-SS-E firmware version 1.01 and earlier

iND Co.,Ltd/HL320-DLS (for module MC7330) firmware version 2.02t and earlier

iND Co.,Ltd/HL320-DLS (for module MC7700) firmware version 1.03 and earlier

iND Co.,Ltd/HL330-DLS (for module MC7330) firmware version 2.02t and earlier

iND Co.,Ltd/HL330-DLS (for module MC7700) firmware version 1.03 and earlier

iND Co.,Ltd/L2X Assist firmware version 2.01 and earlier

iND Co.,Ltd/L2X Assist-RS-A firmware version 1.11 and earlier

iND Co.,Ltd/L2X Assist-RS-E firmware version 1.12 and earlier

iND Co.,Ltd/LM-100 firmware version 1.02 and earlier

... and 2 more

Published Aug 29, 2025

Tracked Since Feb 18, 2026