CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

CVE-2026-8185

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

EUVD-2026-28909

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected...

PT-2026-39331

Name of the Vulnerable Software and Affected Versions UGREEN CM933 version 1.1.59.4319 Description An authentication bypass exists in the Administrative Interface of the device. This issue allows an attacker located on the local network to bypass authentication mechanisms due to a flaw in an...

UGREEN CM933 授权问题漏洞

The UGREEN CM933 is a USB hub device from the Chinese company UGREEN, which provides multi-port expansion and data transmission capabilities. Version 1.1.59.4319 of the UGREEN CM933 has an authorization issue vulnerability. This vulnerability stems from unknown functions in the management interfa...

CVE-2025-14693

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It i...

CVE-2025-14693

CVE-2025-14693 affects the Ugreen DH2100+ device (up to version 5.3.0) via the USB Handler component. The vulnerability in the USB Handler enables symlink following, and exploitation can be carried out on the physical device. The exploit has been disclosed publicly. A remediation is to upgrade th...

CVE-2025-14693 Ugreen DH2100+ USB symlink

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It i...

CVE-2025-14693 Ugreen DH2100+ USB symlink

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It i...

EUVD-2025-203318

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. The...

CVE-2025-14693

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It i...

PT-2025-51181

Name of the Vulnerable Software and Affected Versions Ugreen DH2100+ versions up to 5.3.0 Description A flaw exists in the USB Handler component of Ugreen DH2100+ that allows for symlink following. This issue can be directly exploited on the physical device. The exploit has been publicly disclose...

UGREEN DH2100+ 安全漏洞

UGREEN DH2100+ is a private cloud storage device from China Greenlink UGREEN. A security vulnerability exists in UGREEN DH2100+ version 5.3.0 and earlier, which stems from a symbolic link following issue in the USB Handler component...

CVE-2025-14187

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...

EUVD-2025-201598

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

CVE-2025-14188

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

CVE-2025-14188 UGREEN DH2100+ nas_svr create handler_file_backup_create command injection

A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out...

EUVD-2025-201596

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2025-14187

A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handlerfilebackupcreate of the file /v1/file/backup/create of the component nassvr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The...