CVE-2025-14187

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions UGREEN DH2100+ versions through 5.3.0.251125

Description A flaw exists in UGREEN DH2100+ that could allow for remote buffer overflow. The issue is related to the handler file backup create function within the nas svr component, specifically when handling the path argument through the /v1/file/backup/create API endpoint. Manipulation of the path argument can trigger the overflow. The exploit for this issue has been publicly released.

Recommendations Versions through 5.3.0.251125 should be updated when a fixed version is available. As a temporary workaround, consider restricting access to the /v1/file/backup/create API endpoint.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

CVE-2025-14187

Affected Products

Ugreen Dh2100+

CVE-2025-14187

Weakness Enumeration

Related Identifiers

Affected Products

References · 11