{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14693", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-12-14T10:48:51.666Z", "datePublished": "2025-12-15T00:02:06.966Z", "dateUpdated": "2025-12-15T19:35:39.780Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-15T00:02:06.966Z"}, "title": "Ugreen DH2100+ USB symlink", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-61", "lang": "en", "description": "Symlink Following"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-59", "lang": "en", "description": "Link Following"}]}], "affected": [{"vendor": "Ugreen", "product": "DH2100+", "versions": [{"version": "5.0", "status": "affected"}, {"version": "5.1", "status": "affected"}, {"version": "5.2", "status": "affected"}, {"version": "5.3.0", "status": "affected"}], "modules": ["USB Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-12-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-12-14T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-12-14T11:53:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "rgyue (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.336411", "name": "VDB-336411 | Ugreen DH2100+ USB symlink", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.336411", "name": "VDB-336411 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.704646", "name": "Submit #704646 | Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.704657", "name": "Submit #704657 | Ugreen Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T19:35:07.000915Z", "id": "CVE-2025-14693", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T19:35:39.780Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14693", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-15T19:35:07.000915Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T19:35:19.092Z"}}], "cna": {"title": "Ugreen DH2100+ USB symlink", "credits": [{"lang": "en", "type": "reporter", "value": "rgyue (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Ugreen", "modules": ["USB Handler"], "product": "DH2100+", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.1"}, {"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.3.0"}]}], "timeline": [{"lang": "en", "time": "2025-12-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-12-14T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-12-14T11:53:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.336411", "name": "VDB-336411 | Ugreen DH2100+ USB symlink", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.336411", "name": "VDB-336411 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.704646", "name": "Submit #704646 | Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.704657", "name": "Submit #704657 | Ugreen Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "Symlink Following"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "Link Following"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-12-15T00:02:06.966Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14693", "state": "PUBLISHED", "dateUpdated": "2025-12-15T19:35:39.780Z", "dateReserved": "2025-12-14T10:48:51.666Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-12-15T00:02:06.966Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-14693", "lastModified": "2025-12-15T18:22:13.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-12-15T01:15:37.903", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.336411"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.336411"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.704646"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.704657"}, {"source": "cna@vuldb.com", "url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-61"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"created": "2025-12-15T14:05:41.761316+00:00", "updated": "2025-12-15T14:05:41.761356+00:00", "vendors": ["ugreen", "ugreen$PRODUCT$dh2100+"]}