← Retour aux CVEs
CVE-2019-25249
CRITICAL9.8
Description
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/24/2025
Derniere modification12/29/2025
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-266
References
https://www.devolo.com(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/46325(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.