D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File...

7.2 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Description

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.

Basic Information

ID CVE-2025-34248

Source VulnCheck

Published Oct 9, 2025 at 20:43

Modified Oct 9, 2025 at 20:45

Affected Product

Vendor D-Link

Product Nuclias Connect

Version *

Affected Versions D-Link Nuclias Connect *

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.",
    "published": "2025-10-09T20:43:53.064Z",
    "modified": "2025-10-09T20:45:11.607Z",
    "type": "cve",
    "title": "D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion",
    "source": "VulnCheck",
    "references": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-directory-traversal-to-arbitrary-file-deletion\nhttps://www.dlink.com/en/for-business/nuclias/nuclias-connect",
    "id": "CVE-2025-34248",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "D-Link Nuclias Connect *",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Nuclias Connect",
    "version": "*",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion_CVE-2025-34248