| शीर्षक | UGREEN DH2100+ NAS V4.2.0.601 Remote Command Execution |
|---|
| विवरण | A remote command execution vulnerability exists in the UGREEN DH2100+ NAS device. This vulnerability arises from a combination of arbitrary directory creation and command injection vulnerabilities. An attacker can send a specially crafted message to the /v1/file/backup/create endpoint, creating a uuid directory through directory traversal in the path field, and injecting malicious commands into the directory name (i.e., uuid name), thereby gaining ROOT control of the remote target NAS device. |
|---|
| स्रोत | ⚠️ https://www.notion.so/25e2b76e8e0c80578014fff04a950576 |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 20/11/2025 07:26 PM (5 महीनों पहले) |
|---|
| संयम | 06/12/2025 03:15 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 334608 [UGREEN DH2100+ तक 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|