Subscribe via feed.

devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution

Posted by deepcore on February 5, 2019 – 1:35 pm

devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a ‘hidden’ services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.