PT-2026-5971 · Yottamaster · Dm200 Firmware+2
Published: 2026-02-03 · Updated: 2026-02-03
CVE-2025-69430
CVSS v3.1: 6.1 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Yottamaster DM2 versions prior to V1.9.12
Yottamaster DM3 versions prior to V1.9.12
Yottamaster DM200 versions prior to V1.2.23
Description
An improper symlink-following issue allows attackers to leak or tamper with the internal file system. An attacker formats a USB drive as ext4, creates a symbolic link to its root directory, and inserts the drive into the device slot; accessing the mounted symlink directory then lets the attacker obtain or modify all files within the system.
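The containment check that this class of bug is missing, as an added example (not Yottamaster's code or fix): one function audits a mounted volume for symlinks that resolve outside it, and one opens paths component by component with `O_NOFOLLOW` so no link on the volume is ever followed. The function names and the temporary-directory "volume" are constructed for illustration, and refusing every symlink is an assumed policy that is stricter than containment alone requires.

```python
import os
import tempfile

def escaping_symlinks(root):
    """List symlinks on the volume whose resolved target lies outside root."""
    root_real = os.path.realpath(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolved on the host, as the device would
            if os.path.commonpath([root_real, target]) != root_real:
                found.append(os.path.relpath(path, root_real))
    return sorted(found)

def open_beneath(root, relpath, flags=os.O_RDONLY):
    """Open relpath under root one component at a time, refusing any symlink."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path must stay beneath the mount root")
    dirfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            # O_NOFOLLOW: the kernel rejects the component if it is a symlink
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dirfd)
    finally:
        os.close(dirfd)

def build_demo_volume():
    """Constructed stand-in for a mounted removable volume (not real device data)."""
    vol = tempfile.mkdtemp(prefix="usbvol-")
    os.mkdir(os.path.join(vol, "photos"))
    with open(os.path.join(vol, "photos", "a.txt"), "w") as f:
        f.write("ok")
    os.symlink("/", os.path.join(vol, "rootlink"))     # link that leaves the volume
    os.symlink("photos", os.path.join(vol, "inside"))  # link that stays inside it
    return vol

if __name__ == "__main__":
    vol = build_demo_volume()
    print("escaping links:", escaping_symlinks(vol))
    try:
        open_beneath(vol, "rootlink/etc/hostname")
    except OSError as exc:
        print("refused:", exc)
```

On Linux 5.6 and later, `openat2()` with `RESOLVE_BENEATH` enforces the same containment in a single system call.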
Recommendations
Update DM2 to a version newer than V1.9.12.
Update DM3 to a version newer than V1.9.12.
Update DM200 to a version newer than V1.2.23.
Exploit
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Dm200 Firmware
Dm2 Firmware
Dm3 Firmware