CVE-2019-25231 devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path t...

CVE-2019-25231

Summary of CVE-2019-25231 (Devolo dLAN Cockpit 4.3.1) : The unquoted service path vulnerability affects the DevoloNetworkService in devolo dLAN Cockpit 4.3.1, allowing local, non-privileged users to potentially execute arbitrary code by placing malicious code in the system root path. This could e...

PT-2026-1671

Name of the Vulnerable Software and Affected Versions devolo dLAN Cockpit version 4.3.1 Description The software contains an unquoted service path issue in the 'DevoloNetworkService'. This allows local, non-privileged users to potentially execute arbitrary code. Exploitation involves leveraging t...

CVE-2019-25250

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...

CVE-2019-25249

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

CVE-2019-25250

The CVE covers Devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1) with a cross-site request forgery flaw that allows triggering administrative actions via malicious pages when a logged-in user visits. Root cause stated across sources is lack of proper request validation enabling CSRF to trigger unau...

CVE-2019-25250 Devolo dLAN 500 AV Wireless+ 3.1.0-1 Cross-Site Request Forgery

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...

CVE-2019-25250 Devolo dLAN 500 AV Wireless+ 3.1.0-1 Cross-Site Request Forgery

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL...

CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

Devolo dLAN 500 AV Wireless+ 安全漏洞

The Devolo dLAN 500 AV Wireless+ is a powerline communication adapter from Devolo, Germany. A security vulnerability exists in the Devolo dLAN 500 AV Wireless+ version 3.1.0-1, which stems from an authentication bypass that could result in enabling hidden services and gaining root privileges...

PT-2025-53336

Name of the Vulnerable Software and Affected Versions Devolo dLAN 500 AV Wireless+ version 3.1.0-1 Description The software contains a cross-site request forgery issue that enables attackers to perform administrative actions without proper request validation. Attackers can create malicious web...

Devolo dLAN 500 AV Wireless+ 安全漏洞

Devolo dLAN 500 AV Wireless+ is a powerline communication adapter from Devolo, Germany. A security vulnerability exists in the Devolo dLAN 500 AV Wireless+ version 3.1.0-1 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

Summary devolo dLAN® Cockpit is a software tool that allows devolo customers to monitor and optimise their dLAN® network using a software tool. Description The application suffers from an unquoted search path issue impacting the service 'DevoloNetworkService' for Windows deployed as part of Devol...

devolo dLAN 550 duo+ Starter Kit Remote Code Execution

Summary Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and...