CVE-2025-14693

high

Description

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component.

References

https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1

https://vuldb.com/?submit.704657

https://vuldb.com/?submit.704646

https://vuldb.com/?id.336411

https://vuldb.com/?ctiid.336411

Details

Source: Mitre, NVD

Published: 2025-12-15

Updated: 2026-01-28

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

CVSS v4

Base Score: 7

Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00016