Description

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.

PUBLISHED Reserved 2025-12-17 | Published 2026-01-07 | Updated 2026-01-08 | Assigner VulnCheck




HIGH: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
HIGH: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Unquoted Search Path or Element

Product status

4.3.1: affected

Credits

Stefan Petrushevski finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5506.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

packetstormsecurity.com/files/151525 (Packet Storm Security Exploit Entry) exploit

cxsecurity.com/issue/WLB-2019020037 (CXSecurity Vulnerability Listing) third-party-advisory

exchange.xforce.ibmcloud.com/vulnerabilities/156594 (IBM X-Force Vulnerability Exchange) vdb-entry

www.devolo.global/ (Devolo Vendor Homepage) product

cve.org (CVE-2019-25231)

nvd.nist.gov (CVE-2019-25231)