OS Command Injection Vulnerability in UD-LT2 Firmware by I-O Data
CVE-2025-26856

7.2HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Ud-lt2
Vendor: CVE Published:; 20 February 2025

Summary

An OS command injection vulnerability exists in I-O Data's UD-LT2 firmware versions 1.00.008_SE and earlier. If an attacker with administrative access manipulates requests for specific screen operations, they could execute arbitrary OS commands. This vulnerability highlights the importance of securing user permissions and input validation processes to prevent unauthorized command execution.

Affected Version(s)

UD-LT2 firmware Ver.1.00.008_SE and earlier

References

https://www.iodata.jp/support/information/2025/01_ud-lt2/

https://jvn.jp/en/jp/JVN15293958/

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Feb 17, 2025