CVE-2025-34048
published 2025-06-26CVE-2025-34048: A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions…
PriorityP183high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.59%
43.8th percentile
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dsl-2730u | — | — |
| d-link | dsl-2750e | — | — |
| d-link | dsl-2750e | — | — |
| d-link | dsl-2750u | — | — |
| d-link | dsl-2750u | — | — |
CVSS provenance
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck8.7HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4m2v-gmf9-56qj: A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware version
ghsa_unreviewed·2025-06-26
CVE-2025-34048 [HIGH] CWE-20 GHSA-4m2v-gmf9-56qj: A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware version
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.
VulnCheck
D-Link dsl-2750u_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2025·CVSS 8.7
CVE-2025-34048 [HIGH] D-Link dsl-2750u_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D-Link dsl-2750u_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
Affected: D-Link DSL-2730U/2750U/2750E
Required Action: Apply remediations or mitigations per vendor instructions or discontinue
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-26
Published
Exploited in the wild