33 matches found
D-Link Nuclias Connec Login Endpoint Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...
D-Link Nuclias Connect Cross-Site Scripting Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...
D-Link Nuclias Connect Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...
D-Link Nuclias Connect Directory Traversal Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...
CVE-2025-34254
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...
CVE-2025-34253
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...
EUVD-2025-34831
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...
EUVD-2025-34830
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...
EUVD-2025-34832
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34254
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34253
D-Link Nuclias Connect firmware versions
CVE-2025-34253 D-Link Nuclias Connect <= v1.3.1.4 Stored Cross-Site Scripting (XSS)
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...
CVE-2025-34255 D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34255
CVE-2025-34255 (D-Link Nuclias Connect) affects firmware versions
CVE-2025-34255 D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34254 D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...
CVE-2025-34254
D-Link Nuclias Connect: firmware