PT-2026-1671 · Devolo · Devolo Dlan Cockpit
Stefan Petrushevski · Published 2026-01-07 · Updated 2026-01-08
CVE-2019-25231
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
devolo dLAN Cockpit version 4.3.1
Description
The software contains an unquoted service path issue in the 'DevoloNetworkService'. This allows local, non-privileged users to potentially execute arbitrary code. Exploitation involves leveraging the insecure service path configuration by placing malicious code in the system root path, which then executes with elevated privileges during application startup or system reboot.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
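With no fixed version listed, one way to check a host for this class of misconfiguration is to audit service image paths for unquoted values that contain spaces. The PowerShell below is an added example, not code from this advisory or from devolo. The function names and sample rows are constructed, and the actual path of 'DevoloNetworkService' is not given on this page.

```powershell
# Added example. Function names and sample rows are constructed for illustration.
function Get-ServiceExePart {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    # Executable portion: shortest prefix ending in ".exe" followed by a space or end of string.
    $m = [regex]::Match($PathName.Trim(), '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value } else { return $null }
}

function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    if ($PathName.TrimStart().StartsWith('"')) { return $false }   # already quoted
    $exe = Get-ServiceExePart $PathName
    # Only an unquoted executable path that contains whitespace is ambiguous.
    return ($null -ne $exe) -and ($exe -match '\s')
}

function Get-QuotedServicePath {
    param([string]$PathName)
    $trimmed = $PathName.Trim()
    $exe = Get-ServiceExePart $trimmed
    if ($null -eq $exe) { return $PathName }
    # Quote the executable only; arguments stay outside the quotes.
    return '"' + $exe + '"' + $trimmed.Substring($exe.Length)
}

# Constructed sample rows. On a live host use: $services = Get-CimInstance Win32_Service
$services = @(
    [pscustomobject]@{ Name = 'ExampleSvcA'; StartName = 'LocalSystem'
                       PathName = 'C:\Program Files\Example Vendor\App\svc.exe -run' }
    [pscustomobject]@{ Name = 'ExampleSvcB'; StartName = 'LocalSystem'
                       PathName = '"C:\Program Files\Example Vendor\App\svc.exe" -run' }
    [pscustomobject]@{ Name = 'ExampleSvcC'; StartName = 'LocalSystem'
                       PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Report only the ambiguous entries, with the quoted form that removes the ambiguity.
$services |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, StartName, PathName,
        @{ Name = 'QuotedPath'; Expression = { Get-QuotedServicePath $_.PathName } }
```

On the sample data only ExampleSvcA is reported. The QuotedPath column is the value a corrected service image path would carry.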
Affected Products
Devolo Dlan Cockpit