CVE-2025-69430
📋 TL;DR
An incorrect symlink follow vulnerability in Yottamaster NAS devices allows an attacker with physical access to a USB port to read and modify the NAS internal file system. By placing a symbolic link on a USB drive and mounting that drive on the NAS, the attacker causes the NAS to follow the link to paths outside the drive, bypassing the intended access controls. This affects DM2, DM3, and DM200 NAS devices running vulnerable firmware versions.
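The defect described above is a file service that trusts paths on a mounted removable medium and follows whatever symbolic links it finds there. The following is an added example, not Yottamaster firmware code and not taken from the advisory: a small Python resolver of the kind a NAS file service would need before exposing a USB mount, which refuses symlinks on the medium and confirms the resolved path stays under the mount root. The directory layout, file names and the `resolve_under_mount`/`open_readonly` helpers are constructed for the demonstration.

```python
"""Added example, not Yottamaster firmware code: resolve a requested path
under a removable-media mount root so that a symlink planted on the medium
cannot redirect the file service into the NAS internal file system."""
import os
import stat
import tempfile


class UnsafePath(ValueError):
    """Raised when a requested path would leave its mount root."""


def resolve_under_mount(mount_root: str, relative: str) -> str:
    """Return the absolute path for `relative` inside `mount_root`.

    Two checks (assumed to be the minimum a NAS file service needs when
    exposing removable media):
      1. lstat() every existing component and refuse any symbolic link,
         so the attacker-controlled medium cannot redirect the walk at all;
      2. confirm realpath() of the result still lies under realpath(mount_root),
         which also rejects '..' traversal and any link missed by step 1.
    """
    root = os.path.realpath(mount_root)
    parts = [p for p in relative.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise UnsafePath(f"parent reference not allowed: {relative!r}")

    current = root
    for index, part in enumerate(parts):
        current = os.path.join(current, part)
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            # Nothing below a missing component can be a symlink (yet);
            # keep the remaining names for a later create/write.
            current = os.path.join(current, *parts[index + 1:])
            break
        if stat.S_ISLNK(st.st_mode):
            raise UnsafePath(f"symlink in path rejected: {current}")

    final = os.path.realpath(current)
    if os.path.commonpath([root, final]) != root:
        raise UnsafePath(f"{relative!r} escapes mount root {root}")
    return final


def open_readonly(mount_root: str, relative: str) -> int:
    """Open a file under the mount for reading.

    O_NOFOLLOW refuses a symlink as the final component, closing the
    window between the lstat() checks above and this open(); it does not
    protect intermediate components, which is why the walk above exists.
    """
    path = resolve_under_mount(mount_root, relative)
    return os.open(path, os.O_RDONLY | os.O_NOFOLLOW)


def demo() -> dict:
    """Build a constructed layout in a temp dir and exercise the resolver."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="nas-demo-"))
    internal = os.path.join(base, "internal")        # stands in for the NAS root
    usb = os.path.join(base, "media", "usb0")        # stands in for the USB mount
    os.makedirs(internal)
    os.makedirs(usb)
    with open(os.path.join(internal, "config.db"), "w") as fh:
        fh.write("internal-secret")
    with open(os.path.join(usb, "photo.jpg"), "w") as fh:
        fh.write("jpeg-bytes")
    # The planted link: a symlink on the "USB drive" pointing at the NAS internals.
    os.symlink(internal, os.path.join(usb, "escape"))

    results = {}
    for request in ("photo.jpg", "escape/config.db", "../internal/config.db", "new/file.txt"):
        try:
            results[request] = os.path.relpath(resolve_under_mount(usb, request), base)
        except UnsafePath:
            results[request] = "rejected"
    fd = open_readonly(usb, "photo.jpg")
    try:
        results["read"] = os.read(fd, 64).decode()
    finally:
        os.close(fd)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:28} -> {value}")
```

The two checks are deliberately redundant: the component walk gives a precise error for the planted link, and the `realpath`/`commonpath` comparison is the backstop that holds even if a future code path skips the walk. Mounting removable media with `nosymfollow` (where the kernel supports it) or refusing to export symlink-capable file systems from USB at all are the coarser alternatives an operator can apply without touching the file service.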
💻 Affected Systems
- Yottamaster DM2
- Yottamaster DM3
- Yottamaster DM200
📦 What is this software?
DM2 firmware by Yottamaster
DM200 firmware by Yottamaster
DM3 firmware by Yottamaster
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of NAS file system including sensitive data theft, file tampering, malware installation, and potential lateral movement to connected systems.
Likely Case
Unauthorized access to sensitive files stored on the NAS, data exfiltration, and potential file corruption or deletion.
If Mitigated
Limited impact if USB ports are physically secured and access controls prevent unauthorized physical access to devices.
🎯 Exploit Status
Exploitation requires physical access to insert a specially prepared USB drive. No authentication or network access needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.notion.so/Yottamaster-Incorrect-Symlink-Follow-2c36cf4e528a8001b37cdad4be7431f8?source=copy_link
Restart Required: No
Instructions:
1. Monitor the Yottamaster website for firmware updates.
2. Check the current firmware version.
3. Apply any available updates following vendor instructions.
🔧 Temporary Workarounds
Disable USB Ports
Physically disable or restrict access to USB ports on NAS devices
Physical Security Controls
Implement physical security measures to prevent unauthorized USB device insertion
🧯 If You Can't Patch
- Implement strict physical access controls to NAS devices
- Disconnect or physically secure USB ports using port locks or epoxy
🔍 How to Verify
Check if Vulnerable:
Check the NAS firmware version via the web interface or device display. The device is vulnerable if it is a DM2 or DM3 running V1.9.12 or earlier, or a DM200 running V1.2.23 or earlier.
Check Version:
Check via NAS web interface or device display (vendor-specific)
Verify Fix Applied:
Verify firmware version has been updated beyond vulnerable versions. No specific test available without attempting exploitation.
📡 Detection & Monitoring
Log Indicators:
- Unusual USB device insertion logs
- File access patterns from USB mount points
Network Indicators:
- Unusual file transfer activity from NAS
SIEM Query:
source="nas_logs" AND (event="usb_insert" OR event="mount") AND device_type="ext4"
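The query above flags symlink-capable USB mounts but cannot, on its own, tell a benign photo read from an access that followed a planted link. The following is an added example, not part of the advisory: a Python correlation over a constructed key=value log (the field names `event`, `dev`, `fs`, `mountpoint`, `path` and `realpath` are assumptions, not a real Yottamaster log format) that raises a low-severity note when a USB mount uses a file system that can carry symlinks and a high-severity alert whenever a file access under that mount resolves to a path outside it. It goes beyond the page's query by adding that second, path-based correlation and by covering the other symlink-capable file systems, not only ext4.

```python
"""Added example, not from the advisory: correlate constructed NAS log lines to
flag symlink-capable USB mounts and any access through them that resolves
outside the mount point."""
import os
import shlex
from typing import Dict, List, Tuple

# File systems that can carry symbolic links; FAT/exFAT cannot. This set is an
# assumption; extend it to match what the NAS actually mounts from USB.
SYMLINK_CAPABLE = {"ext2", "ext3", "ext4", "xfs", "btrfs", "f2fs", "ntfs"}

# Constructed sample log, one key=value record per line (not a real log format).
SAMPLE_LOG = """\
ts=2025-01-10T09:00:01 event=usb_insert dev=sdb1 vendor=Generic
ts=2025-01-10T09:00:02 event=mount dev=sdb1 fs=ext4 mountpoint=/media/usb0
ts=2025-01-10T09:00:10 event=file_access user=guest path=/media/usb0/photo.jpg realpath=/media/usb0/photo.jpg
ts=2025-01-10T09:00:15 event=file_access user=guest path=/media/usb0/escape/config.db realpath=/etc/nas/config.db
ts=2025-01-10T09:05:00 event=mount dev=sdc1 fs=vfat mountpoint=/media/usb1
ts=2025-01-10T09:05:30 event=file_access user=guest path=/media/usb1/doc.txt realpath=/media/usb1/doc.txt
ts=2025-01-10T09:10:00 event=umount dev=sdb1 mountpoint=/media/usb0
"""

Alert = Tuple[str, str, str]  # (severity, timestamp, message)


def parse_line(line: str) -> Dict[str, str]:
    """Split a key=value line into a dict; shlex handles quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def is_under(path: str, root: str) -> bool:
    """True if `path` lies at or below `root` after normalisation."""
    root = os.path.normpath(root)
    return os.path.commonpath([os.path.normpath(path), root]) == root


def analyze(log_text: str) -> List[Alert]:
    """Walk the log in order, tracking live USB mounts and scoring accesses."""
    mounts: Dict[str, str] = {}  # mountpoint -> file system type
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        event = rec.get("event")
        if event == "mount":
            mountpoint, fs = rec["mountpoint"], rec.get("fs", "")
            mounts[mountpoint] = fs
            if fs in SYMLINK_CAPABLE:
                alerts.append(("info", rec["ts"],
                               f"USB mount {mountpoint} uses {fs}, which can carry symlinks"))
        elif event == "umount":
            mounts.pop(rec.get("mountpoint", ""), None)
        elif event == "file_access":
            path = rec.get("path", "")
            real = rec.get("realpath", path)
            for mountpoint in mounts:
                # Access was addressed inside the USB mount but resolved outside it:
                # the signature of a followed symlink planted on the medium.
                if is_under(path, mountpoint) and not is_under(real, mountpoint):
                    alerts.append(("high", rec["ts"],
                                   f"{rec.get('user', '?')} accessed {path} which resolved to "
                                   f"{real}, outside {mountpoint}"))
    return alerts


if __name__ == "__main__":
    for severity, ts, message in analyze(SAMPLE_LOG):
        print(f"[{severity}] {ts} {message}")
```

The high-severity rule depends on the NAS logging the resolved (real) path alongside the requested one; if the firmware only records the requested path, the mount-type note is all that can be derived from logs, and the path-based check has to run on the device itself.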