CVE-2025-34048
D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
| CWE | CWE-22 |
| Vendor | d-link |
| Product | dsl-2730u |
| Published | Jun 26, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link dsl-2730u
Be the first to know when new unknown vulnerabilities affecting d-link dsl-2730u are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
D-Link / DSL-2730U
IN_1.02
D-Link / DSL-2750U
SEA_1.04 SEA_1.07
D-Link / DSL-2750E
SEA_1.04 SEA_1.07
References
exploit-db.com: https://www.exploit-db.com/exploits/40735 github.com: https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py dlink.com: https://www.dlink.com vulncheck.com: https://vulncheck.com/advisories/dlink-dsl-routers-path-traversal-file-read
Credits
Todor Donev