CVE-2019-25249

🗓️ 24 Dec 2025 19:28:02Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 8 Views🌐 WEB

CVE-2019-25249 auth bypass in devolo dLAN 500 AV Wireless+ enables hidden services, telnet, remote shell, reboot, and root access.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2019-25249	24 Dec 202520:25	–	circl
CNNVD	Devolo dLAN 500 AV Wireless+ 安全漏洞	24 Dec 202500:00	–	cnnvd
Cvelist	CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr	24 Dec 202519:28	–	cvelist
EUVD	EUVD-2025-205315	24 Dec 202521:30	–	euvd
NVD	CVE-2019-25249	24 Dec 202520:15	–	nvd
Positive Technologies	PT-2025-53335	24 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr	24 Dec 202519:28	–	vulnrichment
Zero Science Lab	devolo dLAN 550 duo+ Starter Kit Remote Code Execution	3 Feb 201900:00	–	zeroscience

Vulners

Node

devolo_ag dlan_550_duo+_starter_kitMatch500_av_wireless+_3.1.0-1

[
  {
    "vendor": "devolo AG",
    "product": "dLAN 550 duo+ Starter Kit",
    "versions": [
      {
        "version": "500 AV Wireless+ 3.1.0-1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
exploit-db	www.exploit-db.com/exploits/46325
devolo	www.devolo.com/
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php

Parameter	Position	Path	Description	CWE
System.Baptization.Telnetd	path	/cgi-bin/htmlmgr	Authentication bypass via htmlmgr CGI to enable deprecated services (telnet/remote shell) and reboot, enabling remote root access.	CWE-266
System.Baptization.shell	path	/cgi-bin/htmlmgr	Authentication bypass via htmlmgr CGI to enable deprecated services (telnet/remote shell) and reboot, enabling remote root access.	CWE-266
System.Reboot	path	/cgi-bin/htmlmgr	Authentication bypass via htmlmgr CGI to enable deprecated services (telnet/remote shell) and reboot, enabling remote root access.	CWE-266

15 Apr 2026 00:35Current

7.1High risk

Vulners AI Score7.1

CVSS 48.7

CVSS 3.19.8

EPSS0.00104

SSVC

CWE-266