OS Command Injection Vulnerability in UD-LT2 Firmware by I-O Data
CVE-2025-26856
7.2HIGH
What is CVE-2025-26856?
An OS command injection vulnerability exists in I-O Data's UD-LT2 firmware versions 1.00.008_SE and earlier. If an attacker with administrative access manipulates requests for specific screen operations, they could execute arbitrary OS commands. This vulnerability highlights the importance of securing user permissions and input validation processes to prevent unauthorized command execution.
Affected Version(s)
UD-LT2 firmware Ver.1.00.008_SE and earlier