ORICO CD3510 Path Traversal Vulnerability in File Upload Component
Vulnerability
A path traversal vulnerability has been identified in the ORICO CD3510 NAS device running firmware version 1.9.12. This vulnerability arises from improper handling of file upload operations, allowing low-level users to remotely upload arbitrary files to the personal spaces of high-level administrators or device owners. This issue could lead to both horizontal and vertical privilege escalation.
Impact
Exploitation of this vulnerability allows for unauthorized file uploads, which could be used to escalate privileges on the affected device.
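The class of check whose absence produces this kind of flaw, as an added example (not ORICO firmware code; the advisory does not publish the vulnerable handler). The directory layout SPACES_ROOT/<username>, the function names and the sample paths are assumptions made for illustration; the weak join is shown beside a version that confines the upload target to the caller's own personal space.

```python
import os

# Assumed layout (hypothetical): each account's space is SPACES_ROOT/<username>.
SPACES_ROOT = "/srv/nas/spaces"


class UploadRejected(Exception):
    """Raised when an upload target falls outside the caller's own space."""


def naive_target(username: str, client_path: str) -> str:
    # Weak pattern: the client-supplied path is joined and normalised only,
    # so "../" segments walk out of the caller's space into a sibling one.
    return os.path.normpath(os.path.join(SPACES_ROOT, username, client_path))


def safe_target(username: str, client_path: str) -> str:
    # username must come from the authenticated session, never from the request.
    if not username or "/" in username or "\x00" in username or username in (".", ".."):
        raise UploadRejected("invalid account name")
    if "\x00" in client_path or os.path.isabs(client_path):
        raise UploadRejected("absolute or malformed path")
    base = os.path.realpath(os.path.join(SPACES_ROOT, username))
    # realpath collapses ".." and resolves symlinks that already exist on disk.
    candidate = os.path.realpath(os.path.join(base, client_path))
    # commonpath avoids the string-prefix mistake where ".../guest2" would
    # pass a startswith(".../guest") comparison.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UploadRejected("target outside caller's personal space")
    return candidate


if __name__ == "__main__":
    # Constructed sample requests from a low-privileged account named "guest".
    for path in ("docs/report.txt", "../admin/startup.sh", "../guest2/x", "/etc/passwd"):
        try:
            print("accepted:", safe_target("guest", path))
        except UploadRejected as err:
            print("rejected:", repr(path), "-", err)
```

The path check only narrows the window: the write itself should still open the file without following symlinks and run under the uploading account's own filesystem permissions.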
Added: Dec 8, 2025, 7:18 AM
Updated: Dec 8, 2025, 7:18 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
