19 matches found
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
EUVD-2025-206720
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
PT-2026-5971
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
Yottamaster多款产品 安全漏洞
Yottamaster DM2, among others, are models of private cloud storage boxes produced by Yottamaster. Several products from Yottamaster have security vulnerabilities; these vulnerabilities stem from incorrect symbol link tracking, which may lead to the disclosure or tampering with the internal file...
CVE-2025-69430
An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...
CVE-2025-69430
CVE-2025-69430 describes an Incorrect Symlink Follow vulnerability affecting multiple Yottamaster NAS devices (DM2 up to V1.9.12, DM3 up to V1.9.12, DM200 up to V1.2.23). An attacker could format a USB drive as ext4, create a symbolic link to the USB root, insert the drive, and access the symlink...
CVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
EUVD-2025-201680
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
CVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
CVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
CVE-2025-14224 Yottamaster DM2/DM3/DM200 File Upload path traversal
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
CVE-2025-14224
CVE-2025-14224 affects Yottamaster DM2/DM3/DM200 up to 1.2.23 and 1.9.12. The vulnerability is a path traversal in the File Upload component that can be triggered remotely. The exploit has been publicly released, enabling remote exploitation, and multiple sources note the vendor did not respond t...
CVE-2025-14224 Yottamaster DM2/DM3/DM200 File Upload path traversal
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public an...
Yottamaster多款产品 安全漏洞
Yottamaster DM2 and others are a private cloud hard disk enclosure from Yottamaster. A security vulnerability exists in several Yottamaster products, which stems from a path traversal vulnerability in the file upload component. The following products and versions are affected: Yottamaster DM2, DM...
PT-2025-49529
Name of the Vulnerable Software and Affected Versions Yottamaster DM2 versions prior to 1.2.23 Yottamaster DM3 versions prior to 1.2.23 Yottamaster DM200 versions prior to 1.2.23 Yottamaster DM2 versions prior to 1.9.12 Yottamaster DM3 versions prior to 1.9.12 Yottamaster DM200 versions prior to...