Search criteria
5 vulnerabilities found for LM-100 by iND Co.,Ltd
JVNDB-2025-000067
Vulnerability from jvndb - Published: 2025-08-29 14:47 - Updated:2025-08-29 14:47
Severity ?
Summary
Multiple vulnerabilities in multiple iND products
Details
Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below.
- Insecure storage of sensitive information (CWE-922) - CVE-2025-53507
- OS command injection (CWE-78) - CVE-2025-53508
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000067.html",
"dc:date": "2025-08-29T14:47+09:00",
"dcterms:issued": "2025-08-29T14:47+09:00",
"dcterms:modified": "2025-08-29T14:47+09:00",
"description": "Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eInsecure storage of sensitive information (CWE-922) - CVE-2025-53507\u003c/li\u003e\r\n\u003cli\u003eOS command injection (CWE-78) - CVE-2025-53508\u003c/li\u003e\u003c/ul\u003e\r\nHL330-DLS, HL320-DLS\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nLM-100, LM-200, L2X Assist, L2X Assist-RS-A, L2X Assist-RS-E, F2L Assist-SS-A, F2L Assist-SS-E\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000067.html",
"sec:cpe": [
{
"#text": "cpe:/o:misc:ind_f2l",
"@product": "F2L",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_hl320-dls",
"@product": "HL320-DLS",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_hl330-dls",
"@product": "HL330-DLS",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_l2x",
"@product": "L2X",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_lm-100",
"@product": "LM-100",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:ind_lm-200",
"@product": "LM-200",
"@vendor": "iND Co.,Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000067",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN50585992/index.html",
"@id": "JVN#50585992",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53507",
"@id": "CVE-2025-53507",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-53508",
"@id": "CVE-2025-53508",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in multiple iND products"
}
CVE-2025-53508 (GCVE-0-2025-53508)
Vulnerability from nvd – Published: 2025-08-29 04:14 – Updated: 2025-08-29 12:04
VLAI?
Summary
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity ?
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:04:26.201302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:04:32.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:14:39.074Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53508",
"datePublished": "2025-08-29T04:14:39.074Z",
"dateReserved": "2025-07-02T00:52:40.812Z",
"dateUpdated": "2025-08-29T12:04:32.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53507 (GCVE-0-2025-53507)
Vulnerability from nvd – Published: 2025-08-29 04:13 – Updated: 2025-08-29 12:05
VLAI?
Summary
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity ?
CWE
- CWE-922 - Insecure storage of sensitive information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:05:21.370891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:05:32.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:13:58.310Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53507",
"datePublished": "2025-08-29T04:13:58.310Z",
"dateReserved": "2025-07-02T00:52:40.811Z",
"dateUpdated": "2025-08-29T12:05:32.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53508 (GCVE-0-2025-53508)
Vulnerability from cvelistv5 – Published: 2025-08-29 04:14 – Updated: 2025-08-29 12:04
VLAI?
Summary
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity ?
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:04:26.201302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:04:32.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:14:39.074Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53508",
"datePublished": "2025-08-29T04:14:39.074Z",
"dateReserved": "2025-07-02T00:52:40.812Z",
"dateUpdated": "2025-08-29T12:04:32.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53507 (GCVE-0-2025-53507)
Vulnerability from cvelistv5 – Published: 2025-08-29 04:13 – Updated: 2025-08-29 12:05
VLAI?
Summary
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity ?
CWE
- CWE-922 - Insecure storage of sensitive information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| iND Co.,Ltd | HL330-DLS (for module MC7700) |
Affected:
firmware version 1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T12:05:21.370891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T12:05:32.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HL330-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL330-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7700)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "HL320-DLS (for module MC7330)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.02t and earlier"
}
]
},
{
"product": "LM-100",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module AMP570)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.02 and earlier"
}
]
},
{
"product": "LM-200 (for module EC25-J)",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.05e and earlier"
}
]
},
{
"product": "L2X Assist",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 2.01 and earlier"
}
]
},
{
"product": "L2X Assist-RS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.11 and earlier"
}
]
},
{
"product": "L2X Assist-RS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.12 and earlier"
}
]
},
{
"product": "F2L Assist-SS-A",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.03 and earlier"
}
]
},
{
"product": "F2L Assist-SS-E",
"vendor": "iND Co.,Ltd",
"versions": [
{
"status": "affected",
"version": "firmware version 1.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "Insecure storage of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T04:13:58.310Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.i-netd.co.jp/vulnerability/dceid-2025-001/"
},
{
"url": "https://jvn.jp/en/jp/JVN50585992/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-53507",
"datePublished": "2025-08-29T04:13:58.310Z",
"dateReserved": "2025-07-02T00:52:40.811Z",
"dateUpdated": "2025-08-29T12:05:32.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}