Primary

Context

Yottamaster DM2/DM3/DM200 File Upload Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in Yottamaster DM2, DM3, and DM200 versions through 1.2.23/1.9.12. This vulnerability arises from the File Upload component, where improper handling of file paths allows for traversal outside of intended directories. The issue can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for unauthorized file operations, potentially leading to horizontal and vertical privilege escalation.

Added: Dec 8, 2025, 9:24 AM

Updated: Dec 8, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yottamaster DM2/DM3/DM200 File Upload Path Traversal Vulnerability

Vulnerability

Impact

Affected Products

Yottamaster DM2

Yottamaster DM3

Yottamaster DM200

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating