CVE-2025-34048: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in D-Link DSL-2730U

Severity: High
Tags: Vulnerability, CVE-2025-34048, cve, cve-2025-34048, cwe-22, cwe-20
Published: Thu Jun 26 2025 (06/26/2025, 15:52:04 UTC)
Source: CVE Database V5
Vendor/Project: D-Link
Product: DSL-2730U

Description

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.

AI-Powered Analysis

Last updated: 06/26/2025, 16:20:14 UTC

Technical Analysis

CVE-2025-34048 is a high-severity path traversal vulnerability affecting certain D-Link ADSL router models, specifically the DSL-2730U, DSL-2750U, and DSL-2750E running firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability arises from insufficient input validation on the 'getpage' parameter within the /cgi-bin/webproc CGI script of the router's web management interface. An unauthenticated remote attacker can exploit this flaw by crafting malicious HTTP requests that manipulate the 'getpage' parameter to traverse directories outside the intended restricted directory. This allows arbitrary file read access on the device, potentially exposing sensitive configuration files, credentials, or other critical system information stored on the router. The vulnerability does not require authentication, user interaction, or elevated privileges, making it highly exploitable remotely over the network. The CVSS 4.0 base score is 8.7, reflecting the ease of exploitation (network attack vector, low complexity), no required privileges or user interaction, and a high impact on confidentiality due to arbitrary file disclosure. While no known exploits are currently reported in the wild, the vulnerability's nature and accessibility make it a significant risk for affected devices. The lack of available patches or updates at the time of publication further exacerbates the threat, leaving devices exposed until mitigations or firmware updates are released by D-Link.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for small and medium enterprises or residential users relying on D-Link DSL-2730U series routers for internet connectivity. Exploitation could lead to disclosure of sensitive information such as network configuration, administrative credentials, or user data, enabling further attacks like network intrusion, man-in-the-middle, or persistent compromise. Critical infrastructure or organizations with remote offices using these routers may face increased exposure to espionage or sabotage. The ability to read arbitrary files without authentication could also facilitate lateral movement within internal networks if attackers gain initial footholds. Additionally, compromised routers could be leveraged as entry points for broader attacks against corporate networks or as part of botnets. The impact on confidentiality is high, while integrity and availability impacts are indirect but possible if attackers use disclosed information to disrupt services or manipulate configurations.

Mitigation Recommendations

1. Immediate mitigation should include isolating affected routers from untrusted networks, especially restricting remote access to the web management interface.
2. Network administrators should disable remote management features or restrict access via firewall rules to trusted IP addresses only.
3. Monitor network traffic for suspicious requests targeting the /cgi-bin/webproc endpoint with unusual 'getpage' parameter values indicative of path traversal attempts.
4. Where possible, replace or upgrade affected devices to models with patched firmware versions once available from D-Link.
5. If firmware updates are not yet released, consider deploying network-level intrusion prevention systems (IPS) with custom signatures to detect and block exploitation attempts.
6. Conduct regular audits of router configurations and logs to detect unauthorized access or anomalies.
7. Educate users and administrators about the risks of using outdated firmware and the importance of timely updates.
8. Implement network segmentation to limit the exposure of critical systems behind vulnerable routers.
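
The monitoring in recommendation 3 can be sketched as a log filter. This is an added example, not code from D-Link or from this advisory's source; it assumes HTTP request logs in combined log format from a proxy or sensor in front of the router, and every sample line is constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/cgi-bin/webproc"   # endpoint named in the advisory
PARAM = "getpage"               # parameter named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Jun/2025:16:01:02 +0000] "GET /cgi-bin/webproc?getpage=html/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Jun/2025:16:01:05 +0000] "GET /cgi-bin/webproc?getpage=../../../placeholder/file HTTP/1.1" 200 90',
    '203.0.113.9 - - [26/Jun/2025:16:02:11 +0000] "GET /cgi-bin/webproc?getpage=%252e%252e%252fplaceholder HTTP/1.1" 200 90',
    '203.0.113.9 - - [26/Jun/2025:16:02:14 +0000] "GET /cgi-bin/webproc?getpage=..%5c..%5cplaceholder HTTP/1.1" 200 90',
    '192.0.2.4 - - [26/Jun/2025:16:03:00 +0000] "GET /index.html?getpage=../x HTTP/1.1" 404 0',
    '192.0.2.4 - - [26/Jun/2025:16:03:09 +0000] "GET /cgi-bin/webproc?getpage=html/page..old.html HTTP/1.1" 200 10',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is '..' after decoding and slash normalisation."""
    segments = fully_decode(value).replace("\\", "/").split("/")
    return ".." in segments

def suspicious_requests(log_lines):
    """Return log lines that hit ENDPOINT with a traversal-style PARAM value."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if fully_decode(url.path) != ENDPOINT:
            continue
        # parse_qsl decodes once; has_traversal handles further encoding layers
        params = parse_qsl(url.query, keep_blank_values=True)
        if any(name == PARAM and has_traversal(val) for name, val in params):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("ALERT", hit)
```

The filter inspects only the query string, so parameters carried in a request body need a sensor that records bodies.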

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.547Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 685d6fabca1063fb8742bc0f

Added to database: 6/26/2025, 4:04:59 PM

Last enriched: 6/26/2025, 4:20:14 PM

Last updated: 8/17/2025, 9:17:39 AM
