OS Command Injection Vulnerability in UD-LT2 Firmware by I-O DATA
CVE-2025-20617

7.2HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Ud-lt2
Vendor: CVE Published:; 22 January 2025

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2025-20617?

An issue exists in the UD-LT2 firmware that allows improper neutralization of special elements used in operating system commands. If exploited by an attacker with administrative access, this vulnerability could enable the execution of arbitrary OS commands, potentially jeopardizing the integrity and security of the affected system.

Affected Version(s)

UD-LT2 firmware Ver.1.00.008_SE and earlier

References

https://www.iodata.jp/support/information/2025/01_ud-lt2/

https://jvn.jp/en/jp/JVN15293958/

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 16, 2025