devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

Advisories

severity: high
date: December 24, 2025
Affecting: dLAN 550 duo+ Starter Kit 500 AV Wireless+ 3.1.0-1
CVE: CVE-2019-25249
CWE: CWE-266 Incorrect Privilege Assignment
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-46325
Official Vendor Homepage
Zero Science Lab Disclosure (ZSL-2019-5508)
Credit: Stefan Petrushevski aka sm @zeroscience
Description: devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.