关键漏洞信息 漏洞编号 JVN#50585992 影响产品 HL330-DLS (for module MC7700) firmware version 1.03 and earlier HL330-DLS (for module MC7330) firmware version 2.02t and earlier HL320-DLS (for module MC7700) firmware version 1.03 and earlier HL320-DLS (for module MC7330) firmware version 2.02t and earlier LM-100 firmware version 1.02 and earlier LM-200 (for module AMPS70) firmware version 1.02 and earlier LM-200 (for module EC25-J) firmware version 1.05e and earlier L2X Assist firmware version 2.01 and earlier L2X Assist-RS-A firmware version 1.11 and earlier L2X Assist-RS-E firmware version 1.12 and earlier F2L Assist-SS-A firmware version 1.03 and earlier F2L Assist-SS-E firmware version 1.01 and earlier 漏洞描述 不安全的敏感信息存储 (CWE-922) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5 - CVE-2025-53507 操作系统命令注入 (CWE-78) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VLH/VA:H/SC:N/SI:N/SA:N Base Score 8.6 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 - CVE-2025-53508 影响 配置信息(如管理员密码)可能被披露 (CVE-2025-53507) 可能执行任意操作系统命令并获取敏感信息 (CVE-2025-53508) 解决方案 更新固件至最新版本,根据开发人员提供的信息进行更新。 厂商状态 iND Co.,Ltd: Vulnerable (最后更新: 2025/08/29) 引用 JPCERT/CC Addendum 漏洞分析由JPCERT/CC提供 其他信息 CVE: CVE-2025-53507, CVE-2025-53508 JVN iPedia: JVNDB-2025-000067