Description
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
References (5)
- Third Party Advisory (third-party-advisory): https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5506.php
- Exploit, Third Party Advisory (exploit): https://packetstormsecurity.com/files/151525
- Third Party Advisory, VDB Entry (vdb-entry): https://exchange.xforce.ibmcloud.com/vulnerabilities/156594
- Various Sources (product): https://www.devolo.global/
- Issue Tracking (third-party-advisory): https://cxsecurity.com/issue/WLB-2019020037
Scores
CVSS v3: 8.4
EPSS: 0.0013
EPSS Percentile: 3.2%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-428
Status: published
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026