Details of VAR-201902-1018

ID

VAR-201902-1018

CVE

CVE-2019-25250

TITLE

devolo dLAN 550 duo+ Starter Kit Remote Code Execution

Trust: 0.1

sources: ZSL: ZSL-2019-5508

DESCRIPTION

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site. Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which isa cost-effective and helpful networking alternative for any locationwithout structured network wiring. Especially in buildings or residenceslacking network cables or where updating the wiring would be expensiveand complicated, Powerline adapters provide networking at high transmissionrates.The web application allows users to perform certain actions via HTTPrequests without performing any validity checks to verify the requests

Trust: 1.08

sources: NVD: CVE-2019-25250 // ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507

AFFECTED PRODUCTS

vendor:

devolo

model:

dlan

scope:

version:

dlan 500 av wireless+ 3.1.0-1 (i386)

Trust: 0.2

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507

CVSS

SEVERITY

CVSSV2

CVSSV3

disclosure@vulncheck.com:	CVE-2019-25250
value:	MEDIUM
Trust: 1.0
ZSL:	ZSL-2019-5508
value:	(4/5)
Trust: 0.1
ZSL:	ZSL-2019-5507
value:	(3/5)
Trust: 0.1

disclosure@vulncheck.com:	CVE-2019-25250
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507 // NVD: CVE-2019-25250

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.0

sources: NVD: CVE-2019-25250

TYPE

Remote/Local,System Access, DoS

Trust: 0.1

sources: ZSL: ZSL-2019-5508

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507

EXTERNAL IDS

db:	ZSL	id:	ZSL-2019-5507	Trust: 1.2
db:	EXPLOIT-DB	id:	46324	Trust: 1.1
db:	NVD	id:	CVE-2019-25250	Trust: 1.0
db:	ZSL	id:	ZSL-2019-5508	Trust: 0.2
db:	EXPLOIT-DB	id:	46325	Trust: 0.1
db:	CXSECURITY	id:	WLB-2019020038	Trust: 0.1
db:	PACKETSTORM	id:	151527	Trust: 0.1
db:	PACKETSTORM	id:	151526	Trust: 0.1
db:	CXSECURITY	id:	WLB-2019020039	Trust: 0.1

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507 // NVD: CVE-2019-25250

REFERENCES

url:	https://www.zeroscience.mk/en/vulnerabilities/zsl-2019-5507.php	Trust: 1.1
url:	https://www.exploit-db.com/exploits/46324	Trust: 1.1
url:	https://www.devolo.com	Trust: 1.0
url:	https://www.exploit-db.com/exploits/46325	Trust: 0.1
url:	https://packetstormsecurity.com/files/151527	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2019020038	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/156596	Trust: 0.1
url:	https://www.zeroscience.mk/en/vulnerabilities/zsl-2019-5508.php	Trust: 0.1
url:	https://packetstormsecurity.com/files/151526	Trust: 0.1
url:	https://cxsecurity.com/issue/wlb-2019020039	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/156595	Trust: 0.1

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507 // NVD: CVE-2019-25250

CREDITS

Vulnerability discovered by Stefan Petrushevski

Trust: 0.2

sources: ZSL: ZSL-2019-5508 // ZSL: ZSL-2019-5507

SOURCES

db:	ZSL	id:	ZSL-2019-5508
db:	ZSL	id:	ZSL-2019-5507
db:	NVD	id:	CVE-2019-25250

LAST UPDATE DATE

2026-01-15T23:29:33.096000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2019-5508	date:	2019-02-10T00:00:00
db:	ZSL	id:	ZSL-2019-5507	date:	2019-02-10T00:00:00
db:	NVD	id:	CVE-2019-25250	date:	2025-12-29T15:58:13.147

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2019-5508	date:	2019-02-03T00:00:00
db:	ZSL	id:	ZSL-2019-5507	date:	2019-02-03T00:00:00
db:	NVD	id:	CVE-2019-25250	date:	2025-12-24T20:15:53.403