CVE-2025-34048

216.73.216.233

· Published 26/06/2025 16:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-34048 2025-06-26 CVE-2025-34048 CWE-20 [email protected]

Essential information

Published: 26/06/2025 16:15
Modified: 26/06/2025 18:57
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
d-link / dsl-2730u	`cpe:2.3:h:d-link:dsl-2730u::IN_1.02::::::*`
d-link / dsl-2750u	`cpe:2.3:h:d-link:dsl-2750u::SEA_1.04::::::*`
d-link / dsl-2750e	`cpe:2.3:h:d-link:dsl-2750e::SEA_1.07::::::*`