Directory Traversal Vulnerability in D-Link Nuclias Connect Firmware
CVE-2025-34248
7.2HIGH
What is CVE-2025-34248?
D-Link Nuclias Connect firmware prior to version 1.3.1.4 has a directory traversal vulnerability that arises from insufficient sanitization of the 'deleteBackupList' parameter within the /api/web/dnc/global/database/deleteBackup endpoint. If exploited by an authenticated attacker, this vulnerability could enable the deletion of arbitrary files, thereby compromising the integrity and availability of the affected systems. It is crucial for users to update their firmware to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Nuclias Connect * < 1.3.1.4
References
CVSS V4
Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Alex Williams from Pellera Technologies