PT-2025-26997 · D Link · D-Link Dsl-2750U+1

Todor Donev · Published 2012-05-23 · Updated 2025-06-29 · CVE-2025-34048

CVSS v4.0: 8.7 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2730U version IN 1.02; D-Link DSL-2750U version SEA 1.04; D-Link DSL-2750E version SEA 1.07
Description: A path traversal vulnerability exists in the web management interface of D-Link ADSL routers due to insufficient input validation on the getpage parameter within the "/cgi-bin/webproc" CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.
Recommendations: For D-Link DSL-2730U version IN 1.02, consider disabling the /cgi-bin/webproc CGI script until a patch is available. For D-Link DSL-2750U version SEA 1.04, restrict access to the getpage parameter to minimize the risk of exploitation. For D-Link DSL-2750E version SEA 1.07, avoid using the getpage parameter in the affected API endpoint until the issue is resolved.
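For monitoring while the endpoint remains reachable, here is an added detection example (not part of the original advisory or any vendor code) that flags logged requests to /cgi-bin/webproc whose getpage value contains a parent-directory segment after nested URL decoding. The combined-style log format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

VULN_PATH = "/cgi-bin/webproc"  # endpoint named in the advisory
PARAM = "getpage"               # parameter named in the advisory

# Assumption: requests are logged by a proxy or sensor in front of the
# router in Apache/nginx "combined" style; only the request field is used.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [t] "GET /cgi-bin/webproc?getpage=html/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [t] "GET /cgi-bin/webproc?getpage=../../example/file HTTP/1.1" 200 90',
    '203.0.113.9 - - [t] "GET /cgi-bin/webproc?getpage=..%2f..%2fexample%2ffile HTTP/1.1" 200 90',
    '203.0.113.9 - - [t] "GET /cgi-bin/webproc?getpage=%252e%252e%252fexample HTTP/1.1" 200 90',
    '192.0.2.10 - - [t] "GET /index.html?getpage=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is '..'."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (source, getpage value after one decode) per flagged line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if unquote(url.path) != VULN_PATH:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(value):
                hits.append((m.group("src"), value))
    return hits
```

Calling `suspicious_requests(SAMPLE_LOG)` returns the three traversal requests and skips both the ordinary page load and the request to a different path.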

Exploit

Fix

Path traversal

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-07926
CVE-2025-34048

Affected Products

D-Link Dsl-2730B
D-Link Dsl-2750U