8 matches found
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
EUVD-2025-34832
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
EUVD-2025-34830
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34253 D-Link Nuclias Connect <= v1.3.1.4 Stored Cross-Site Scripting (XSS)
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting XSS vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be...
CVE-2025-34255
D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses...
CVE-2025-34254
D-Link Nuclias Connect: firmware
CVE-2025-34248
D-Link Nuclias Connect firmware versions 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity...