Path Traversal in D-link Nuclias Connect
CVE-2025-34248
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.006 (44.5th percentile) — read the EPSS interpretation.
Affected products
- D-link Nuclias Connect — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (third-party-advisory)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (vendor-advisory, patch)