OS Command Injection Vulnerability in UD-LT2 Firmware by I-O DATA
CVE-2025-23237

Currently unrated

Key Information:

Vendor: I-o Data Device, Inc.
Status: Ud-lt2
Vendor: CVE Published:; 22 January 2025

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2025-23237?

An OS Command Injection vulnerability exists in the UD-LT2 firmware version 1.00.008_SE and earlier, where improper neutralization of special elements used in an operating system command could allow a logged-in user to execute arbitrary OS commands via the command-line interface (CLI). This vulnerability poses significant risks to the integrity and security of the device, potentially compromising system functionality and data protection.

Affected Version(s)

UD-LT2 firmware Ver.1.00.008_SE and earlier

References

https://www.iodata.jp/support/information/2025/01_ud-lt2/

https://jvn.jp/en/jp/JVN15293958/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 16, 2025