CVE-2025-34248
D-Link Nuclias Connect < v1.3.1.4 Directory Traversal to Arbitrary File Deletion
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.
| CWE | CWE-22 |
| Vendor | d-link |
| Product | nuclias connect |
| Published | Oct 9, 2025 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for d-link nuclias connect
Be the first to know when new unknown vulnerabilities affecting d-link nuclias connect are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
D-Link / Nuclias Connect
* < 1.3.1.4
References
vulncheck.com: https://www.vulncheck.com/advisories/dlink-nuclias-connect-directory-traversal-to-arbitrary-file-deletion dlink.com: https://www.dlink.com/en/for-business/nuclias/nuclias-connect supportannouncement.us.dlink.com: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472
Credits
Alex Williams from Pellera Technologies