| Title | Ugreen NAS DH2100+ V5.3.0 Incorrect Access Control |
|---|
| Description | A vulnerability exists in UGREEN NAS devices that allows for the leakage and modification of arbitrary files within the system. This vulnerability stems from lax checks on symbolic links within external USB devices. An attacker could create symbolic links to arbitrary files on a USB device and insert them into the NAS device, thereby gaining access to or modifying the corresponding files within the system through the UGREEN NAS client, compromising confidentiality and integrity. |
|---|
| Source | ⚠️ https://www.notion.so/2bc6cf4e528a8083bf3fc6f7a953f0a1 |
|---|
| User | rgyue (UID 92984) |
|---|
| Submission | 12/02/2025 05:33 (5 months ago) |
|---|
| Moderation | 12/14/2025 11:48 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336411 [Ugreen DH2100+ up to 5.3.0 USB symlink] |
|---|
| Points | 17 |
|---|