CVE-2025-34255

D-Link Nuclias Connect <= v1.3.1.4 Forgot Password Account Enumeration

CVSS 6.9 MEDIUMEPSS 1.0%CWE-204

In short

D-Link Nuclias Connect's password recovery feature reveals whether an email address is registered by giving different responses. An attacker can use this to discover which email accounts exist in the system without needing to log in.

Technical detail

The 'Forgot Password' endpoint exhibits an observable response discrepancy (CWE-204) where the `data.exist` boolean value differs based on account existence. An unauthenticated remote attacker can enumerate valid email addresses by analyzing JSON response differences, with no authentication required and minimal rate-limiting constraints.

Summary generated and translated by AI from the official description.

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

D-Link · Nuclias Connect

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472 https://www.dlink.com/en/for-business/nuclias/nuclias-connect https://www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumeration