Vendor: UGREEN
Affected products: DH2100+ NAS ≤ V5.3.0
Vendor Homepage: https://www.ugnas.com
Vendor contact information: https://www.ugnas.com/contact - nasjishu@ugreen.com
A vulnerability exists in the UGREEN NAS device DH2100+ (version V5.3.0 or lower) that allows for the leakage and modification of arbitrary files within the internal system. This vulnerability stems from lax checks on symbolic links within external USB devices. An attacker could create symbolic links to arbitrary files on a USB device and insert them into the NAS device, thereby gaining access to or modifying the corresponding files within the NAS system through the UGREEN NAS client.
First, prepare a USB device and format it as ext4. Then, create symbolic links for any file type on the USB drive (for example, /etc/passwd and /etc/shadow).
Then, by plugging the USB device into the NAS, the contents of the corresponding files inside the NAS system can be obtained through the UGREEN NAS APP (such as leaking all user files and system files stored inside the NAS), and the corresponding files can also be tampered with (for example, by adding malicious commands to a startup script).
For example, this could expose the passwd and shadow files inside the NAS system, or allow for their tampering or forgery.
NASchecker