:: Deepquest ::

devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.