CVE-2025-14693

6.2 MEDIUM

📋 TL;DR

This vulnerability in Ugreen DH2100+ network-attached storage devices allows an attacker with physical access to abuse symlink following in the USB Handler component. By manipulating symbolic links, the attacker can potentially read sensitive files or escalate privileges. Only Ugreen DH2100+ devices running firmware up to and including version 5.3.0 are affected.

💻 Affected Systems

Products:
  • Ugreen DH2100+
Versions: Up to and including 5.3.0
Operating Systems: Embedded Linux (NAS firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Physical access to the device is required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing data theft, privilege escalation, or persistent backdoor installation

🟠 Likely Case: Unauthorized file access leading to information disclosure or limited privilege escalation

🟢 If Mitigated: Minimal impact if physical access controls prevent unauthorized device access

🌐 Internet-Facing: LOW (requires physical access to device)
🏢 Internal Only: MEDIUM (requires physical access but could be exploited by malicious insiders or visitors)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed. The attack requires physical access to the device's USB port but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 5.3.0

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Access Ugreen DH2100+ web interface
2. Navigate to System Settings > Firmware Update
3. Check for and install latest firmware (version >5.3.0)
4. Reboot device after update completes

🔧 Temporary Workarounds

Physical Access Restriction (platform: all)

Prevent unauthorized physical access to USB ports

USB Port Disablement (platform: linux)

Disable USB functionality if not required

🧯 If You Can't Patch

  • Restrict physical access to device in secure location
  • Disconnect USB devices and monitor for unauthorized connections

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface: System Settings > Firmware Information

Check Version:

Not applicable - use web interface

Verify Fix Applied:

Confirm firmware version is greater than 5.3.0 in System Settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual USB device connections
  • File access patterns suggesting symlink traversal

Network Indicators:

  • None - local physical attack only

SIEM Query:

Not applicable - requires physical access detection
