Path Traversal in D-link Nuclias Connect

CVE-2025-34248

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.006 (44.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References