Devolo Ag Dlan 550 Duo+ Starter Kit vulnerabilities
2 known vulnerabilities affecting devolo_ag/dlan_550_duo+_starter_kit.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-25249P2CRITICALCVSS 9.8v500 AV Wireless+ 3.1.0-12025-12-24
CVE-2019-25249 [CRITICAL] CWE-266 CVE-2019-25249: devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows att
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
nvd
CVE-2019-25250P4MEDIUMCVSS 5.3v500 AV Wireless+ 3.1.0-12025-12-24
CVE-2019-25250 [MEDIUM] CWE-352 CVE-2019-25250: Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site.
nvd