PT-2026-5970 · Orico · Orico Nas Cd3510
Published: 2026-02-03 · Updated: 2026-02-06 · CVE-2025-69429
CVSS v3.1: 6.1 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ORICO NAS CD3510 versions V1.9.12 and below
Description
The ORICO NAS CD3510 is affected by an Incorrect Symlink Follow issue. This allows attackers to potentially leak or modify the internal file system. An attacker can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device, and then access the USB drive’s symlink directory mounted on the NAS to obtain and tamper with files within the NAS system.
Recommendations
Update ORICO NAS CD3510 to a version later than V1.9.12.
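For devices that cannot be updated yet, the following added example (not vendor code and not part of the original advisory) shows the check whose absence the description implies: audit a mounted removable volume for symlinks that resolve outside the mount point, and refuse requests whose resolved path leaves it. The function names and the temporary directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile

def _inside(root, target):
    """True if target is root itself or lies beneath it (both already resolved)."""
    return os.path.commonpath([root, target]) == root

def escaping_symlinks(mount_root):
    """List (link, resolved_target) for symlinks under mount_root that point outside it."""
    root = os.path.realpath(mount_root)
    found = []
    # followlinks=False: symlinked directories are listed but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if not _inside(root, target):
                    found.append((os.path.relpath(path, root), target))
    return sorted(found)

def resolve_inside(mount_root, requested):
    """Resolve a client-supplied path; raise PermissionError if it leaves mount_root."""
    root = os.path.realpath(mount_root)
    target = os.path.realpath(os.path.join(root, requested))
    if not _inside(root, target):
        raise PermissionError(f"{requested!r} resolves outside {root}")
    return target

def demo():
    """Constructed layout: tmp/usb stands in for the USB mount, tmp for the NAS root."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        usb, internal = os.path.join(tmp, "usb"), os.path.join(tmp, "internal")
        os.makedirs(os.path.join(usb, "photos"))
        os.makedirs(internal)
        open(os.path.join(internal, "config.db"), "w").close()
        os.symlink(tmp, os.path.join(usb, "rootlink"))    # leaves the volume
        os.symlink("photos", os.path.join(usb, "album"))  # stays on the volume
        flagged = [link for link, _ in escaping_symlinks(usb)]
        try:
            resolve_inside(usb, "rootlink/internal/config.db")
            blocked = False
        except PermissionError:
            blocked = True
        benign_ok = resolve_inside(usb, "album") == os.path.join(usb, "photos")
        return flagged, blocked, benign_ok

if __name__ == "__main__":
    print(demo())
```

A resolve-then-open check like this is subject to a race if the volume can change between the check and the open, so a file service should enforce the same boundary at open time, for example with Linux `openat2()` and `RESOLVE_BENEATH`.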
Exploit
Fix
Link Following
Affected Products
Orico Nas Cd3510