CVE-2019-25249

Sažetak

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.

Reference

https://www.devolo.com
https://www.exploit-db.com/exploits/46325
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-12-2025 - 21:16

Objavljeno

24-12-2025 - 20:15