216.73.217.86

CVE-2019-25249

· Published 24/12/2025 20:15 · Modified 24/12/2025 21:16

Labels: CVE-2019-25249 2025-12-24CVE-2019-25249CWE-266[email protected]

Essential information

Published
24/12/2025 20:15
Modified
24/12/2025 21:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
devolo / dlan 500 av wireless+ cpe:2.3:a:devolo:dlan_500_av_wireless+:3.1.0-1:*:*:*:*:*:*:*

References