CVE-2025-34048

CWE-22 — Path Traversal CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.7HIGH

EPSS

0.2%

top 53.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dsl-2730u D-link Dsl-2750e D-link Dsl-2750u

Timeline

PublishedJun 26

Description

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5d-link/dsl-2730uIN_1.02

▶CVEListV5d-link/dsl-2750eSEA_1.04, SEA_1.07+1

▶CVEListV5d-link/dsl-2750uSEA_1.04, SEA_1.07+1

🔴Vulnerability Details

CVEList

D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read↗2025-06-26

▶

GHSA

GHSA-4m2v-gmf9-56qj: A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware version↗2025-06-26

▶

VulnCheck

D-Link dsl-2750u_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2025

▶