PT-2025-53335 · Devolo · Devolo Dlan 500 Av Wireless+

Published: 2025-12-24 · Updated: 2025-12-24 · CVE-2019-25249

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

devolo dLAN 500 AV Wireless+ version 3.1.0-1

Description

The device contains a flaw that allows attackers to bypass authentication and enable hidden services through the htmlmgr CGI script. Attackers can enable services like telnet and remote shell, reboot the device, and obtain root access without a password by manipulating system configuration parameters.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

CVE-2019-25249

Affected Products

Devolo Dlan 500 Av Wireless+