CVE-2025-14693 | Ugreen DH2100+ up to 5.3.0 USB symlink

Inserito da Angelo Barbosa | Dic 14, 2025 | CVE

A vulnerability was found in Ugreen DH2100+ up to 5.3.0 and classified as critical. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following.

This vulnerability is referenced as CVE-2025-14693. The attack can be executed directly on the physical device. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14693 | Ugreen DH2100+ up to 5.3.0 USB symlink

Post correlati

CVE-2024-9458 | Reservit Hotel Plugin up to 2.x on WordPress cross site scripting

CVE-2024-50222 | Linux Kernel up to 6.6.59/6.11.6 iov_iter copy_page_from_iter_atomic infinite loop (4f7ffa83fa79/3a303409f271/c749d9b7ebbc)

CVE-2024-50354 | Consensys gnark up to 0.10.x resource consumption (GHSA-cph5-3pgr-c82g)

CVE-2023-38297 | T-Mobile Device command injection