PT-2025-51181 · Ugreen · Ugreen Dh2100+
Rgyue
·
Published
2025-12-15
·
Updated
2026-01-28
·
CVE-2025-14693
CVSS v2.0
6.5
Medium
| Vector | AV:L/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ugreen DH2100+ versions up to 5.3.0
Description
A flaw exists in the USB Handler component of Ugreen DH2100+ that allows for symlink following. This issue can be directly exploited on the physical device. The exploit has been publicly disclosed. The vendor was informed of the issue but did not provide a response.
Recommendations
Restrict physical access to the device.
Exploit
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ugreen Dh2100+