CVE-2025-34048 Information

Jun 27, 2025 cve

Description

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U DSL-2750U and DSL-2750E ADSL routers with firmware versions IN_1.02 SEA_1.04 and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests enabling arbitrary file read on the affected device.

Reference

https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py https://vulncheck.com/advisories/dlink-dsl-routers-path-traversal-file-read https://www.dlink.com https://www.exploit-db.com/exploits/40735

CNNVD-202506-3337 (Published: 2025-06-26)

Share on:

CVE-2025-34048 Information

Description

Reference

Related CNNVD