CVE-2025-34255

Medium CVSS: 6.9

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development.

Vendor

Dlink

Product

Nuclias Connect

CWE

CWE-204

Yayın Tarihi

2025-10-16 19:15:32

Güncelleme

2025-10-30 16:06:51

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-204 Nuclias Connect MEDIUM Dlink 2025

Referanslar

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472 https://www.dlink.com/en/for-business/nuclias/nuclias-connect https://www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumeration

Benzer Kayıtlar

High

CVE-2026-5214

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-32…

Medium

CVE-2026-5215

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

High

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

High

CVE-2026-5212

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D…

High

CVE-2026-5211

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, D…

High

CVE-2026-5024

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formS…