UGREEN DH2100+ Buffer Overflow Vulnerability in NAS Service

Vulnerability

A buffer overflow vulnerability has been identified in the UGREEN DH2100+ NAS device, affecting firmware versions prior to 5.3.0.251125. The flaw is in the 'handler_file_backup_create' function, which handles the '/v1/file/backup/create' endpoint of the 'nas_svr' component. A remote attacker can trigger the overflow by manipulating the 'path' argument. The issue has been publicly disclosed, and an exploit is available.
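To check which devices fall under "firmware versions prior to 5.3.0.251125", the following added example (not part of the original advisory or any UGREEN tooling) classifies an inventory by comparing version components numerically, since a plain string comparison mis-orders builds such as 5.10.x. The inventory layout, hostnames and every version string other than 5.3.0.251125 are constructed for illustration.

```python
import re

# Fixed build named in the advisory: versions prior to this are affected.
FIXED_VERSION = "5.3.0.251125"


def parse_version(text):
    """Turn '5.3.0.251125' into a tuple of ints, or None if malformed."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})\s*", text or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad to four components so '5.3' compares as 5.3.0.0.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text, fixed=FIXED_VERSION):
    """Return 'affected', 'fixed' or 'unknown' for one reported firmware string."""
    current = parse_version(version_text)
    if current is None:
        return "unknown"  # needs manual review; never assume it is safe
    return "affected" if current < parse_version(fixed) else "fixed"


def triage(inventory):
    """Group (hostname, model, firmware) rows by status for DH2100+ units."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, model, firmware in inventory:
        if model.strip().upper() != "DH2100+":
            continue  # the advisory names only this model
        result[classify(firmware)].append(host)
    return result


# Constructed sample inventory (hostnames and version strings are invented).
SAMPLE_INVENTORY = [
    ("nas-lab-01", "DH2100+", "5.2.9.250901"),
    ("nas-lab-02", "DH2100+", "5.3.0.251125"),
    ("nas-lab-03", "DH2100+", "5.10.0.260101"),  # string compare would mis-flag this
    ("nas-lab-04", "DH2100+", "unknown"),
    ("nas-lab-05", "DH2100+", "5.3.0.251124"),
    ("nas-lab-06", "OTHER-MODEL", "1.0.0.1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as "unknown" should be checked by hand rather than treated as patched.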

Impact

Exploitation of this vulnerability can lead to a buffer overflow, allowing for arbitrary code execution on the affected NAS device. Additionally, the 'nas_svr' service can be crashed, causing a denial-of-service condition.

Added: Dec 7, 2025, 9:17 AM
Updated: Dec 7, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.