Home / os / winmobile

devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution

Posted on 05 February 2019

devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.

 

TOP

Malware :

Exploits :