CVE-2025-69429

The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.notion.so/ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4e528a80b7bf0be4dcac758419?source=copy_link	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:orico:cd3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:orico:cd3510:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-03 18:16

Updated : 2026-02-11 16:40

NVD link : CVE-2025-69429

Mitre link : CVE-2025-69429

CVE.ORG link : CVE-2025-69429

JSON object : View

Products Affected

orico

cd3510
cd3510_firmware

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-69429", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2026-02-03T18:16:16.697", "references": [{"url": "https://www.notion.so/ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4e528a80b7bf0be4dcac758419?source=copy_link", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files."}, {"lang": "es", "value": "El ORICO NAS CD3510 (versi\u00f3n V1.9.12 e inferiores) contiene una vulnerabilidad de seguimiento de enlace simb\u00f3lico incorrecto que podr\u00eda ser explotada por atacantes para filtrar o manipular el sistema de archivos interno. Los atacantes pueden formatear una unidad USB a ext4, crear un enlace simb\u00f3lico a su directorio ra\u00edz, insertar la unidad en la ranura del dispositivo NAS, luego acceder al directorio de enlace simb\u00f3lico de la unidad USB montado en el NAS para obtener todos los archivos dentro del sistema NAS y manipular esos archivos."}], "lastModified": "2026-02-11T16:40:38.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:orico:cd3510_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE518A6-9B0F-4E1D-B8CB-1CFDB66E049D", "versionEndIncluding": "1.9.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:orico:cd3510:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "543C6DE1-3ACA-4EA0-900E-DBEB306607F8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}