Metrics
Affected Vendors & Products
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 17 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 16 Oct 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development. | |
Title | D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration | |
Weaknesses | CWE-204 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-10-17T14:29:17.095Z
Reserved: 2025-04-15T19:15:22.578Z
Link: CVE-2025-34255

Updated: 2025-10-17T14:29:14.522Z

Status : Received
Published: 2025-10-16T19:15:32.920
Modified: 2025-10-16T19:15:32.920
Link: CVE-2025-34255

No data.

No data.