devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
PUBLISHED | 5.2 | CWE-266
devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr
Problem type
Affected products
devolo AG
dLAN 550 duo+ Starter Kit
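500 AV Wireless+ 3.1.0-1 - AFFECTED
(Note: the record's product field names "dLAN 550 duo+ Starter Kit", while the title, description and version string all name the dLAN 500 AV Wireless+ 3.1.0-1. When matching assets against this record, check both names rather than relying on the product field alone.)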
References
ExploitDB-46325
https://www.exploit-db.com/exploits/46325
Official Vendor Homepage
https://www.devolo.com
Zero Science Lab Disclosure (ZSL-2019-5508)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php
GitHub Security Advisories
GHSA-p782-2pf9-qvmm
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows...
https://github.com/advisories/GHSA-p782-2pf9-qvmm
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2019-25249
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2019-25249",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2025-12-24T20:22:26.831Z",
"dateReserved": "2025-12-24T14:27:12.477Z",
"datePublished": "2025-12-24T19:28:02.779Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2025-12-24T19:28:02.779Z"
},
"datePublic": "2017-10-04T00:00:00.000Z",
"title": "devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr",
"descriptions": [
{
"lang": "en",
"value": "devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters."
}
],
"affected": [
{
"vendor": "devolo AG",
"product": "dLAN 550 duo+ Starter Kit",
"versions": [
{
"version": "500 AV Wireless+ 3.1.0-1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Incorrect Privilege Assignment",
"cweId": "CWE-266",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/46325",
"name": "ExploitDB-46325",
"tags": [
"exploit"
]
},
{
"url": "https://www.devolo.com",
"name": "Official Vendor Homepage",
"tags": [
"product"
]
},
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php",
"name": "Zero Science Lab Disclosure (ZSL-2019-5508)",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
}
],
"credits": [
{
"lang": "en",
"value": "Stefan Petrushevski aka sm @zeroscience",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-12-24T20:22:26.831Z"
},
"title": "CISA ADP Vulnrichment",
"references": [
{
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php",
"tags": [
"exploit"
]
}
],
"metrics": [
{}
]
}
]
}
}