CNNVD-202512-827 Information

CNNVD ID

CNNVD-202512-827

Related CVE

CVE-2025-14188

• CNNVD Published: 2025-12-07

Description (Chinese)

UGREEN DH2100+是中国绿联（UGREEN）公司的一款私有云存储设备。 UGREEN DH2100+ 5.3.0.251125及之前版本存在命令注入漏洞，该漏洞源于组件nas_svr中文件/v1/file/backup/create的函数handler_file_backup_create对参数path的错误操作，可能导致命令注入。

Description (English)

UGREEN DH2100+ is a private cloud storage facility of the Green Federation of China (UGREEN). UGREEN DH2100+ 5.3.0.251125 and previous versions had a command-injecting loophole, which originated from the error in the function of document/v1/file/backup/create in component nas svr, which could lead to the command-injection.

Hazard Level

Medium

Vulnerability Type

命令注入

Affected Vendor

绿联

Published

2025-12-07

Last Modified

2026-02-24

References

https://www.notion.so/25e2b76e8e0c80578014fff04a950576 https://vuldb.com/?id.334608 https://vuldb.com/?submit.698833 https://vuldb.com/?ctiid.334608 https://access.redhat.com/security/cve/cve-2025-14188