CVE-2025-14220 – This vulnerability in ORICO CD3510 version 1.9.... (How to Fix)

Q: What is the severity of CVE-2025-14220?

CVE-2025-14220 has a CVSS score of 4.3 (MEDIUM). This vulnerability in ORICO CD3510 version 1.9.12 allows remote attackers to perform path traversal attacks via the file upload component. This could enable unauthorized file access or overwriting. Users of ORICO CD3510 version 1.9.12 are affected.

📋 TL;DR

This vulnerability in ORICO CD3510 version 1.9.12 allows remote attackers to perform path traversal attacks via the file upload component. This could enable unauthorized file access or overwriting. Users of ORICO CD3510 version 1.9.12 are affected.

💻 Affected Systems

Products:

ORICO CD3510

Versions: 1.9.12

Operating Systems: Unknown

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the file upload component specifically. Other versions may be vulnerable but unconfirmed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains arbitrary file read/write access, potentially leading to system compromise, data theft, or malware deployment.

🟠

Likely Case

Unauthorized file access or modification, potentially exposing sensitive configuration files or enabling further exploitation.

🟢

If Mitigated

Limited impact if file upload functionality is disabled or strict access controls are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit disclosed publicly, remote attack vector, path traversal typically has low exploitation complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or discontinuing use.

🔧 Temporary Workarounds

Disable File Upload

all

Disable or restrict the file upload functionality in the ORICO CD3510 interface.

Network Segmentation

all

Isolate ORICO CD3510 devices from critical networks and internet access.

🧯 If You Can't Patch

Implement strict network access controls to limit device exposure
Monitor for suspicious file upload activity and path traversal attempts

🔍 How to Verify

Check if Vulnerable:

Check device version in web interface or configuration. If version is 1.9.12, assume vulnerable.

Check Version:

Check device web interface or documentation for version information

Verify Fix Applied:

No fix available to verify. Monitor for vendor updates.

📡 Detection & Monitoring

Log Indicators:

Unusual file upload requests
Path traversal patterns in URLs (../ sequences)
Access to unexpected file paths

Network Indicators:

HTTP requests with ../ sequences in file upload parameters
Unusual file access patterns

SIEM Query:

web_requests WHERE url CONTAINS '../' AND device_type='ORICO CD3510'

📊 Metadata

CVE ID: CVE-2025-14220

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-22

EPSS Score: 0.12% exploit probability (30.8th percentile)

Published: December 8, 2025

Last Updated: December 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14220, you might also want to check these: