VYPR

Nuclias Connect

by Dlink

CVEs (4)

  • CVE-2025-34248HigOct 9, 2025
    risk 0.47cvss epss 0.01

    D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files…

  • CVE-2025-34253Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject…

  • CVE-2025-34255Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account.…

  • CVE-2025-34254Oct 16, 2025
    risk 0.00cvss epss 0.01

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the…