CVE-2025-34248

Name of the Vulnerable Software and Affected Versions D-Link Nuclias Connect versions prior to 1.3.1.4

Description The software contains a directory traversal issue in the /api/web/dnc/global/database/deleteBackup endpoint. This is due to insufficient input validation of the deleteBackupList parameter. A successful exploit by an authenticated attacker could lead to the deletion of arbitrary files, potentially compromising system integrity and availability.

Recommendations Update to version 1.3.1.4 or later.