CVE-2019-25250

The CVE covers Devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1) with a cross-site request forgery flaw that allows triggering administrative actions via malicious pages when a logged-in user visits. Root cause stated across sources is lack of proper request validation enabling CSRF to trigger unau...