← voltar
CVE-2019-25249

devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

CVSS 8.7 HIGHEPSS 0.4%CWE-266
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
devolo AG · dLAN 550 duo+ Starter Kit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.devolo.comhttps://www.exploit-db.com/exploits/46325https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php