CVE-2025-23237
In short
A security flaw in UD-LT2 firmware allows someone who logs in to the command-line interface to run unauthorized system commands on the device. This could let an attacker take control of the device or access sensitive data.
Technical detail
OS command injection vulnerability in UD-LT2 firmware Ver.1.00.008_SE and earlier; requires authenticated CLI access. Insufficient input validation enables arbitrary command execution through unsanitized parameters, compromising system integrity and confidentiality.
Summary generated and translated by AI from the official description.
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed.
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
I-O DATA DEVICE, INC. · UD-LT2