CNNVD-202512-829 Information

CNNVD ID

CNNVD-202512-829

Related CVE

CVE-2025-14187

• CNNVD Published: 2025-12-07

Description (Chinese)

UGREEN DH2100+是中国绿联（UGREEN）公司的一款私有云存储设备。 UGREEN DH2100+ 5.3.0.251125及之前版本存在安全漏洞，该漏洞源于组件nas_svr中文件/v1/file/backup/create的函数handler_file_backup_create对参数path的错误操作，可能导致缓冲区溢出。

Description (English)

UGREEN DH2100+ is a private cloud storage facility of the Green Federation of China (UGREEN). There is a security loophole in UGREEN DH2100+ 5.3.0.251125 and earlier versions, which stems from the error in the function of document /v1/file/backup/create in component nas svr, Handler file backup create path, which may result in a spill over the buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

绿联

Published

2025-12-07

Last Modified

2026-02-24

References

https://www.notion.so/2b16cf4e528a80bbb5fdeff145f110ec https://vuldb.com/?id.334607 https://vuldb.com/?submit.698652 https://vuldb.com/?ctiid.334607 https://access.redhat.com/security/cve/cve-2025-14187