Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Mar 23, 2026
D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration
CVE-2025-34255
Description
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the data.exist boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=1.3.1.4+ 1 more
- (no CPE)range: <=1.3.1.4
- (no CPE)range: *
Patches
Vulnerability mechanics
References
3- supportannouncement.us.dlink.com/security/publication.aspxmitrevendor-advisory
- www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumerationmitrethird-party-advisory
- www.dlink.com/en/for-business/nuclias/nuclias-connectmitreproduct
News mentions
0No linked articles in our index yet.