Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-14224

Опубликовано: 08 дек. 2025
Источник: nvd
CVSS3: 4.3
CVSS3: 9.8
CVSS2: 4
EPSS Низкий

Описание

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:yottamaster:dm2_firmware:*:*:*:*:*:*:*:*
Версия до 1.9.12 (включая)
cpe:2.3:h:yottamaster:dm2:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:yottamaster:dm3_firmware:*:*:*:*:*:*:*:*
Версия до 1.9.12 (включая)
cpe:2.3:h:yottamaster:dm3:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:yottamaster:dm200_firmware:*:*:*:*:*:*:*:*
Версия до 1.2.23 (включая)
cpe:2.3:h:yottamaster:dm200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00207
Низкий

4.3 Medium

CVSS3

9.8 Critical

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-v3rg-4rhw-582m

CVSS3: 4.3
github
2 месяца назад

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 43%
0.00207
Низкий

4.3 Medium

CVSS3

9.8 Critical

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22