Multiple vulnerabilities in iND products



Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2025-53507, CVE-2025-53508
CWE-ID: CWE-922, CWE-78
Exploitation vector: Network
Public exploit: N/A

Vulnerable software (Hardware solutions / Firmware):

HL330-DLS (for module MC7700)
HL330-DLS (for module MC7330)
LM-100
LM-200 (for module AMP570)
LM-200 (for module EC25-J)
L2X Assist
L2X Assist-RS-A
L2X Assist-RS-E
F2L Assist-SS-A
F2L Assist-SS-E

Vendor: iND

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Insecure Storage of Sensitive Information

EUVDB-ID: #VU115205

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-53507

CWE-ID: CWE-922 - Insecure Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insecure storage of sensitive information. A remote attacker can gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

HL330-DLS (for module MC7700): 1.03 and previous versions

HL330-DLS (for module MC7330): 2.02t and previous versions

LM-100: 1.02 and previous versions

LM-200 (for module AMP570): 1.02 and previous versions

LM-200 (for module EC25-J): 1.05e and previous versions

L2X Assist: 2.01 and previous versions

L2X Assist-RS-A: 1.11 and previous versions

L2X Assist-RS-E: 1.12 and previous versions

F2L Assist-SS-A: 1.03 and previous versions

F2L Assist-SS-E: 1.01 and previous versions

External links

https://jvn.jp/en/jp/JVN50585992/
https://www.i-netd.co.jp/vulnerability/dceid-2025-001/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

EUVDB-ID: #VU115206

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-53508

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

HL330-DLS (for module MC7700): 1.03 and previous versions

HL330-DLS (for module MC7330): 2.02t and previous versions

LM-100: 1.02 and previous versions

LM-200 (for module AMP570): 1.02 and previous versions

LM-200 (for module EC25-J): 1.05e and previous versions

L2X Assist: 2.01 and previous versions

L2X Assist-RS-A: 1.11 and previous versions

L2X Assist-RS-E: 1.12 and previous versions

F2L Assist-SS-A: 1.03 and previous versions

F2L Assist-SS-E: 1.01 and previous versions

External links

https://jvn.jp/en/jp/JVN50585992/
https://www.i-netd.co.jp/vulnerability/dceid-2025-001/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


