Details of VAR-201702-1102

ID

VAR-201702-1102

CVE

CVE-2025-34048

TITLE

D-Link ADSL Router Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-01708

DESCRIPTION

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC. D-LinkADSLRouterDSL-2730U, DSL-2750U, DSL-2750E are a variety of wireless router products. The D-LinkADSL router has an information disclosure vulnerability that allows an attacker to exploit sensitive information

Trust: 1.44

sources: NVD: CVE-2025-34048 // CNVD: CNVD-2017-01708

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01708

AFFECTED PRODUCTS

vendor:	d link	model:	dsl-2730u in 1.02	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	2750u sea 1.04	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	2750e sea 1.07	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-01708

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2025-34048
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2017-01708
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2017-01708
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-01708 // NVD: CVE-2025-34048

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2025-34048

EXTERNAL IDS

db:	EXPLOIT-DB	id:	40735	Trust: 1.6
db:	NVD	id:	CVE-2025-34048	Trust: 1.0
db:	EXPLOITDB	id:	40735	Trust: 0.6
db:	CNVD	id:	CNVD-2017-01708	Trust: 0.6

sources: CNVD: CNVD-2017-01708 // NVD: CVE-2025-34048

REFERENCES

url:	https://www.exploit-db.com/exploits/40735	Trust: 1.0
url:	https://www.dlink.com	Trust: 1.0
url:	https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploits/routers/dlink/dsl_2730_2750_path_traversal.py	Trust: 1.0
url:	https://vulncheck.com/advisories/dlink-dsl-routers-path-traversal-file-read	Trust: 1.0
url:	https://www.exploit-db.com/exploits/40735/	Trust: 0.6

sources: CNVD: CNVD-2017-01708 // NVD: CVE-2025-34048

SOURCES

db:	CNVD	id:	CNVD-2017-01708
db:	NVD	id:	CVE-2025-34048

LAST UPDATE DATE

2025-11-18T15:15:04.814000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01708	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2025-34048	date:	2025-11-17T22:15:47.407

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-01708	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2025-34048	date:	2025-06-26T16:15:28.273