CVE-2025-34255

UNKNOWN 0.0

D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development.

CWE	CWE-204
Vendor	d-link
Product	nuclias connect
Published	Oct 16, 2025
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for d-link nuclias connect

Be the first to know when new unknown vulnerabilities affecting d-link nuclias connect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

D-Link / Nuclias Connect

* < 1.3.1.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vulncheck.com: https://www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumeration dlink.com: https://www.dlink.com/en/for-business/nuclias/nuclias-connect supportannouncement.us.dlink.com: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472

Credits

Alex Williams from Pellera Technologies