Path Traversal Vulnerability in D-Link ADSL Routers
CVE-2025-34048

8.7HIGH

Key Information:

Vendor: D-link
Status: Dsl-2730u; Dsl-2750u; Dsl-2750e
Vendor: CVE Published:; 26 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34048?

A path traversal vulnerability has been identified in the web management interface of several D-Link ADSL routers. This security flaw arises from insufficient input validation in the getpage parameter of the /cgi-bin/webproc CGI script. By exploiting this vulnerability, an unauthenticated remote attacker can execute crafted requests leading to unauthorized access to arbitrary files on the affected devices. This presents a significant risk for users of D-Link DSL-2730U, DSL-2750U, and DSL-2750E models with specified firmware versions.

Affected Version(s)

DSL-2730U IN_1.02

DSL-2750E SEA_1.04

DSL-2750E SEA_1.07

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34048 - Proof of Concept

References

https://www.exploit-db.com/exploits/40735

exploit

https://github.com/threat9/routersploit/blob/master/route...

exploit

https://www.dlink.com

product

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 26, 2025
👾
Exploit known to exist
Jun 26, 2025
Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Todor Donev

D-link

Badges

What is CVE-2025-34048?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit