CVE-2019-25231

High CVSS: 8.5

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.

Vendor

Product

CWE

CWE-428

Yayın Tarihi

2026-01-08 00:15:57

Güncelleme

2026-01-08 18:08:18

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-428 HIGH 2026

Referanslar

https://cxsecurity.com/issue/WLB-2019020037 https://exchange.xforce.ibmcloud.com/vulnerabilities/156594 https://packetstormsecurity.com/files/151525 https://www.devolo.global/ https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5506.php