CVE-2019-25250

Sažetak

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site.

Reference

https://www.devolo.com
https://www.exploit-db.com/exploits/46324
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5507.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5507.php

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

24-12-2025 - 21:16

Objavljeno

24-12-2025 - 20:15