CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection

A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection.

This vulnerability is uniquely identified as CVE-2025-14188. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More