CVE-2019-25249 HIGH

CVE-2019-25249: devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

Vendor Devolo Ag
Product dLAN 550 duo+ Starter Kit
Weakness CWE-266
Published December 24, 2025
Last update December 24, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.

Key dates

02 Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated