D-Link Nuclias Connect

By the Year

In 2026 there have been 0 vulnerabilities in D-Link Nuclias Connect. Last year, in 2025, Nuclias Connect had 4 security vulnerabilities published. Right now, Nuclias Connect is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 4 0.00

It may take a day or so for new Nuclias Connect vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent D-Link Nuclias Connect Security Vulnerabilities

Stored XSS via Network Field in D-Link Nuclias Connect <=1.3.1.4
CVE-2025-34253 - October 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development.

XSS

D-Link Nuclias Connect v<=1.3.1.4 Email Enum via ForgotPwd JSON
CVE-2025-34255 - October 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server. NOTE: D-Link states that a fix is under development.

Observable Response Discrepancy

D-Link Nuclias Connect <=1.3.1.4 Username Enumeration via JSON Login Response
CVE-2025-34254 - October 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message` string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server. NOTE: D-Link states that a fix is under development.

Observable Response Discrepancy

D-Link Nuclias Connect <1.3.1.4 DIR Traversal via deleteBackupList
CVE-2025-34248 - October 09, 2025

D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system.

Directory traversal
