CVE-2025-34048
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-11-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Exploitation of this vulnerability allows an attacker to remotely read arbitrary files on the affected router without authentication. This can lead to exposure of sensitive information such as hashed user passwords and system configuration files, potentially enabling further attacks or unauthorized access to the device and network. The vulnerability has a high impact on confidentiality and has been observed exploited in the wild. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is a path traversal flaw in the web management interface of certain D-Link ADSL routers (models DSL-2730U, DSL-2750U, and DSL-2750E) running specific firmware versions. It occurs because the router's web interface does not properly validate input on the 'getpage' parameter in the /cgi-bin/webproc CGI script. An unauthenticated remote attacker can exploit this by sending crafted requests to read arbitrary files on the device, including sensitive system files like /etc/shadow. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the router's web interface targeting the /cgi-bin/webproc CGI script with the getpage parameter set to sensitive file paths, such as /etc/shadow. For example, using curl: curl "http://TARGET:PORT/cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard". If the response contains the contents of the requested file, the device is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the router firmware to a version that patches this vulnerability if available, restricting access to the router's web management interface from untrusted networks, and implementing network-level controls such as firewall rules to block unauthorized access to the /cgi-bin/webproc endpoint. If firmware updates are not available, disabling remote management or limiting it to trusted IP addresses can reduce exposure. [1, 2]