D-Link Nuclias Connect Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A directory traversal vulnerability has been identified in D-Link Nuclias Connect firmware versions prior to 1.3.1.4. The vulnerability exists within the '/api/web/dnc/global/database/deleteBackup' endpoint, where improper sanitization of the 'deleteBackupList' parameter allows authenticated attackers to delete arbitrary files. This issue impacts the integrity and availability of the system.
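The kind of server-side check whose absence the description above points to, as an added example (not D-Link's code and not taken from the advisory). It assumes 'deleteBackupList' carries a list of backup file names and that backups are stored flat in a single directory; the function names, directory layout and sample files are hypothetical.

```python
import os
import tempfile

class UnsafeBackupName(ValueError):
    """A requested name would resolve outside the backup directory."""

def resolve_backup_targets(backup_dir, names):
    """Map client-supplied backup names to paths strictly inside backup_dir."""
    root = os.path.realpath(backup_dir)
    targets = []
    for name in names:
        # Bare file names only: no separators (either style), NUL, "." or "..".
        if (not isinstance(name, str) or not name or "\x00" in name
                or "/" in name or "\\" in name or name in (".", "..")):
            raise UnsafeBackupName(repr(name))
        # realpath() follows symlinks, so a link pointing out of the directory fails here.
        candidate = os.path.realpath(os.path.join(root, name))
        if os.path.dirname(candidate) != root:
            raise UnsafeBackupName(repr(name))
        if not os.path.isfile(candidate):
            raise FileNotFoundError(name)
        targets.append(candidate)
    return targets

def delete_backups(backup_dir, names):
    """Validate the whole list first, so one bad entry deletes nothing."""
    targets = resolve_backup_targets(backup_dir, names)
    for path in targets:
        os.remove(path)
    return [os.path.basename(p) for p in targets]

def demo():
    """Constructed layout: one backup plus an unrelated file beside the directory."""
    with tempfile.TemporaryDirectory() as base:
        backups = os.path.join(base, "backups")
        os.mkdir(backups)
        outside = os.path.join(base, "config.db")
        for p in (os.path.join(backups, "backup_2025.tar"), outside):
            open(p, "w").close()
        rejected = 0
        for req in (["../config.db"], ["backup_2025.tar", "..\\config.db"], [outside]):
            try:
                delete_backups(backups, req)
            except UnsafeBackupName:
                rejected += 1
        removed = delete_backups(backups, ["backup_2025.tar"])
        return rejected, removed, os.path.exists(outside)

if __name__ == "__main__":
    print(demo())
```

Validating every entry before the first deletion matters here: a request that mixes a legitimate backup name with a traversal entry is refused as a whole.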

Impact

Exploitation of this vulnerability allows for arbitrary file deletion, which can disrupt system integrity and availability.

Added: Oct 9, 2025, 9:35 PM
Updated: Oct 9, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.