Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2019-25249

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.

Published: Dec 24, 2025
Updated: Dec 25, 2025
CVE: CVE-2019-25249
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-266

Affected Software
References

No affected software listed.

https://www.devolo.com
https://www.exploit-db.com/exploits/46325
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo