CVE-2025-34248

N/A Unknown
Published: October 09, 2025 Modified: October 14, 2025
View on NVD

Description

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472
Source: disclosure@vulncheck.com
https://www.dlink.com/en/for-business/nuclias/nuclias-connect
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/dlink-nuclias-connect-directory-traversal-to-arbitrary-file-deletion
Source: disclosure@vulncheck.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.7%
72th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-0824 3.5
CVE-2026-0822 6.3
CVE-2025-13393 4.3
CVE-2025-12379 6.4
CVE-2026-0821 7.3