Published: 2025/01/22  Last Updated: 2025/02/20

JVN#15293958
Multiple vulnerabilities in I-O DATA router UD-LT2

Overview

UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities.

Products Affected

  • UD-LT2 firmware Ver.1.00.008_SE and earlier

Description

UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78)
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2025-20617, CVE-2025-26856
  • Inclusion of Undocumented Features (CWE-1242)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
    • CVE-2025-22450
  • OS Command Injection (CWE-78)
    • CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.6
    • CVE-2025-23237

Impact

  • If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary OS command may be executed (CVE-2025-20617, CVE-2025-26856)
  • A remote attacker may disable the LAN-side firewall function of the affected products and open specific ports (CVE-2025-22450)
  • If a user logs in to the CLI of the affected product, an arbitrary OS command may be executed (CVE-2025-23237)
CVE-2025-20617 and CVE-2025-26856 were reported on different screen operations.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the update listed below that addresses these vulnerabilities.

  • UD-LT2 firmware Ver.1.00.011_SE
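
The following is an added example, not part of the advisory or the vendor's tooling: a triage helper that classifies firmware strings collected from an asset inventory against the affected and fixed versions stated above. It assumes versions follow the `Ver.X.YY.ZZZ_SE` pattern shown in this advisory and compare numerically field by field; the host names and the `classify`/`triage` helpers are constructed for illustration.

```python
import re

# Version boundaries taken from this advisory.
LAST_AFFECTED = "Ver.1.00.008_SE"   # "Ver.1.00.008_SE and earlier" is affected
FIRST_FIXED = "Ver.1.00.011_SE"     # update that addresses the vulnerabilities

# Assumption: firmware strings look like "Ver.1.00.008_SE" (prefix optional).
_VERSION_RE = re.compile(r"^(?:Ver\.)?(\d+)\.(\d+)\.(\d+)_SE$")


def parse_version(text):
    """Return (major, minor, build) as integers, or None if unrecognised."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported firmware string to a triage status."""
    version = parse_version(text)
    if version is None:
        return "unparsed"    # needs manual review, never assume it is safe
    if version <= parse_version(LAST_AFFECTED):
        return "affected"
    if version >= parse_version(FIRST_FIXED):
        return "fixed"
    # Builds between the two boundaries are not mentioned in the advisory,
    # so they are flagged separately instead of being guessed either way.
    return "unlisted"


def triage(inventory):
    """Classify every device in a {host: firmware_string} mapping."""
    return {host: classify(firmware) for host, firmware in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "site-a-gw": "Ver.1.00.008_SE",
    "site-b-gw": "Ver.1.00.011_SE",
    "site-c-gw": "1.00.005_SE",
    "site-d-gw": "Ver.1.00.010_SE",
    "site-e-gw": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Devices reported as "unlisted" or "unparsed" should be checked against the developer's information before being treated as updated.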

Vendor Status

Vendor | Status | Last Update | Vendor Notes
I-O DATA DEVICE, INC. | Vulnerable | 2025/02/18 | I-O DATA DEVICE, INC. website

Credit

CVE-2025-20617, CVE-2025-22450, CVE-2025-23237
Takeshi Kuramori, Kaori Takashima, and Kohei Masumi of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2025-26856
Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2025-20617, CVE-2025-22450, CVE-2025-23237, CVE-2025-26856
JVN iPedia: JVNDB-2025-000004

Update History

2025/02/20
I-O DATA DEVICE, INC. update status
2025/02/20
Added information about CVE-2025-26856