CVE-2019-25249

CRITICAL

devolo dLAN 500 AV Wireless+ <3.1.0-1 - Auth Bypass

Title source: llm

Description

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.

Exploits (1)

exploitdb WORKING POC
by sm · text · webapps · hardware
https://www.exploit-db.com/exploits/46325

Scores

CVSS v3 9.8
EPSS 0.0015
EPSS Percentile 35.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-266
Status published
Products (1)
devolo AG/dLAN 550 duo+ Starter Kit 500 AV Wireless+ 3.1.0-1
Published Dec 24, 2025
Tracked Since Feb 18, 2026