Dlink Nuclias Connect vulnerabilities

CVE-2025-34253 [MEDIUM] CWE-79 CVE-2025-34253: D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vuln D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the p

CVE-2025-34255 [MEDIUM] CWE-204 CVE-2025-34255: D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulne D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthent

CVE-2025-34254 [MEDIUM] CWE-204 CVE-2025-34254: D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulne D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote