JVN#50585992
Multiple vulnerabilities in multiple iND products

Overview

Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities.

Products Affected

• HL330-DLS (for module MC7700) firmware version 1.03 and earlier
• HL330-DLS (for module MC7330) firmware version 2.02t and earlier
• HL320-DLS (for module MC7700) firmware version 1.03 and earlier
• HL320-DLS (for module MC7330) firmware version 2.02t and earlier
• LM-100 firmware version 1.02 and earlier
• LM-200 (for module AMP570) firmware version 1.02 and earlier
• LM-200 (for module EC25-J) firmware version 1.05e and earlier
• L2X Assist firmware version 2.01 and earlier
• L2X Assist-RS-A firmware version 1.11 and earlier
• L2X Assist-RS-E firmware version 1.12 and earlier
• F2L Assist-SS-A firmware version 1.03 and earlier
• F2L Assist-SS-E firmware version 1.01 and earlier

Description

Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below.

• Insecure storage of sensitive information (CWE-922)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5
  • CVE-2025-53507
• OS command injection (CWE-78)
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
  • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
  • CVE-2025-53508

Impact

• Configuration information, such as admin password, may be disclosed (CVE-2025-53507)
• An arbitrary OS command may be executed and sensitive information may be obtained (CVE-2025-53508)

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer states that HL330-DLS is end of support. However, it can be updated with firmware of HL320-DLS as they use the same one.