CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection

A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection.

This vulnerability is uniquely identified as CVE-2025-14188. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection

Post correlati

CVE-2022-42784 | Siemens LOGO 12 unknown vulnerability (ssa-844582)

CVE-2024-6016 | itsourcecode Online Laundry Management System 1.0 admin_class.php id sql injection

CVE-2023-7221 | Totolink T6 4.1.9cu.5241_B20210923 HTTP POST Request cstecgi.cgi main v41 buffer overflow

CVE-2025-52919 | Yealink YMCS RPS prior 2025-05-26 Certificate Upload certificate validation