Metrics
Affected Vendors & Products
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 17 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 16 Oct 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server. NOTE: D-Link states that a fix is under development. | |
Title | D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration | |
Weaknesses | CWE-204 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-10-17T14:29:49.920Z
Reserved: 2025-04-15T19:15:22.578Z
Link: CVE-2025-34254

Updated: 2025-10-17T14:29:47.517Z

Status : Received
Published: 2025-10-16T19:15:32.777
Modified: 2025-10-16T19:15:32.777
Link: CVE-2025-34254

No data.

No data.