devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
Posted by deepcore on February 5, 2019 – 1:35 pm
devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seem to be ‘hidden’ services which can be enabled by an authenticated attacker via the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.