PT-2025-42528 · D-Link · D-Link Nuclias Connect

Alex Williams · Published 2025-10-16 · Updated 2025-10-16 · CVE-2025-34254

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

D-Link Nuclias Connect versions 1.3.1.4 and earlier

Description

The application’s 'Login' endpoint, /Login, exhibits an observable response discrepancy. The endpoint returns different JSON responses based on whether the provided username is linked to an existing account. These differing responses, specifically in the error.message string, allow a remote attacker to enumerate valid usernames and accounts on the server without authentication.

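The discrepancy pattern described above, shown beside a uniform-response form, as an added example that is not D-Link's code. The function names, account store and error.message strings are constructed for illustration, since the advisory does not quote the actual strings. The HTTP status code must match across failure cases as well.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password hash the real service uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed account store: username -> (salt, password hash). Not product data.
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash("correct horse", _SALT))}

# Dummy credential so an unknown username costs the same hashing work as a
# known one; the random "hash" can never match a derived key.
_DUMMY = (os.urandom(16), os.urandom(32))


def login_leaky(username: str, password: str) -> dict:
    """Discrepancy pattern: error.message depends on whether the account exists."""
    record = USERS.get(username)
    if record is None:
        return {"success": False, "error": {"message": "User does not exist"}}
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return {"success": False, "error": {"message": "Incorrect password"}}
    return {"success": True}


def login_uniform(username: str, password: str) -> dict:
    """Same body and same hashing work for every failed attempt."""
    salt, stored = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(_hash(password, salt), stored)
    if username in USERS and password_ok:
        return {"success": True}
    return {"success": False, "error": {"message": "Invalid username or password"}}
```
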
Recommendations

Versions prior to 1.3.1.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-13177
CVE-2025-34254

Affected Products

D-Link Nuclias Connect