Ugreen DH2100+ USB symlink_CVE-2025-14693

7 / 10

HIGH

CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14693

Source VulDB

Published Dec 15, 2025 at 00:02

Affected Product

Vendor Ugreen

Product DH2100+

Version 5.0

Affected Versions Ugreen DH2100+ 5.0
Ugreen DH2100+ 5.1
Ugreen DH2100+ 5.2
Ugreen DH2100+ 5.3.0

CWE Classification

CWE-61 CWE-59

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-15T00:02:06.966Z",
    "modified": "2025-12-15T00:02:06.966Z",
    "type": "cve",
    "title": "Ugreen DH2100+ USB symlink",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336411\nhttps://vuldb.com/?ctiid.336411\nhttps://vuldb.com/?submit.704646\nhttps://vuldb.com/?submit.704657\nhttps://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1",
    "id": "CVE-2025-14693",
    "bulletinFamily": "",
    "cwe": [
        "CWE-61",
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Ugreen DH2100+ 5.0\nUgreen DH2100+ 5.1\nUgreen DH2100+ 5.2\nUgreen DH2100+ 5.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DH2100+",
    "version": "5.0",
    "vendor": "Ugreen",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}