GCVE - cpe:2.3:a:i-o_data_device,_inc.:ud-lt2:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:i-o_data_device,_inc.:ud-lt2:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	I O Data Device, Inc. (`778e22e9-0a62-59c4-949b-59149240692d`)
Product	Ud Lt2 (`ea1e98b0-6b9e-55e8-beb8-48479039d916`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-26856`	vulnerable	2026-06-03 15:00:08.565622	Details available HIGH (7.2) Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary OS command may be executed. This vulnerability was reported on a different screen operation from CVE-2025-20617. Published: 2025-02-20T05:49:49.402Z Updated: 2025-02-20T16:15:20.874Z Open on db.gcve.eu Reference links https://www.iodata.jp/support/information/2025/01_ud-lt2/ https://jvn.jp/en/jp/JVN15293958/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-23237`	vulnerable	2026-06-03 14:59:42.170850	Details available MEDIUM (6.6) Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed. Published: 2025-01-22T05:50:14.930Z Updated: 2025-02-12T20:41:22.887Z Open on db.gcve.eu Reference links https://www.iodata.jp/support/information/2025/01_ud-lt2/ https://jvn.jp/en/jp/JVN15293958/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-22450`	vulnerable	2026-06-03 14:59:39.971070	Details available HIGH (7.5) Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. Published: 2025-01-22T05:49:13.793Z Updated: 2025-02-12T20:41:22.761Z Open on db.gcve.eu Reference links https://www.iodata.jp/support/information/2025/01_ud-lt2/ https://jvn.jp/en/jp/JVN15293958/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-20617`	vulnerable	2026-06-03 14:59:14.811570	Details available HIGH (7.2) Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product with an administrative account and manipulates requests for a certain screen operation, an arbitrary OS command may be executed. This vulnerability was reported on a different screen operation from CVE-2025-26856. Published: 2025-01-22T05:48:18.973Z Updated: 2025-02-20T05:51:16.359Z Open on db.gcve.eu Reference links https://www.iodata.jp/support/information/2025/01_ud-lt2/ https://jvn.jp/en/jp/JVN15293958/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.