PT-2025-49529 · Yottamaster · Yottamaster Dm3+2

Rgyue · Published 2025-12-08 · Updated 2026-01-06 · CVE-2025-14224

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Yottamaster DM2 versions prior to 1.2.23
Yottamaster DM3 versions prior to 1.2.23
Yottamaster DM200 versions prior to 1.2.23
Yottamaster DM2 versions prior to 1.9.12
Yottamaster DM3 versions prior to 1.9.12
Yottamaster DM200 versions prior to 1.9.12

Description

A path traversal issue exists in the File Upload component of Yottamaster DM2, DM3, and DM200 devices. Manipulation of this component can lead to path traversal, allowing for remote exploitation. The exploit for this issue has been publicly released. The vendor was informed of this disclosure but did not provide a response.

Recommendations

Yottamaster DM2 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Yottamaster DM3 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Yottamaster DM200 versions prior to 1.2.23: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Yottamaster DM2 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Yottamaster DM3 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Yottamaster DM200 versions prior to 1.9.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-14224

Affected Products

Yottamaster Dm2
Yottamaster Dm200
Yottamaster Dm3