VAR-201902-1018

Vulnerability from variot - Updated: 2022-10-19 22:19

Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter, which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and complicated, Powerline adapters provide networking at high transmission rates. The web application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Tested on: Linux 2.6.31

Note: this entry aggregates two advisories, ZSL-2019-5508 and ZSL-2019-5507. The record's title ("Remote Code Execution") is sourced from ZSL-2019-5508 only, while the description above describes a cross-site request forgery issue, so both the code-execution and the request-forgery exposure should be considered when triaging this entry.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-1018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dlan",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "devolo",
        "version": "dlan 500 av wireless+ 3.1.0-1 (i386)"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability discovered by Stefan Petrushevski",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ],
    "trust": 0.2
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [],
        "severity": [
          {
            "author": "ZSL",
            "id": "ZSL-2019-5508",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2019-5507",
            "trust": 0.1,
            "value": "(3/5)"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Devolo dLAN\u00ae 550 duo+ Starter Kit is Powerline adapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and complicated, Powerline adapters provide networking at high transmission rates. The web application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Tested on: Linux 2.6.31",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ],
    "trust": 0.18
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.zeroscience.mk/codes/devolo_rce.txt",
        "trust": 0.1,
        "type": "poc"
      },
      {
        "reference": "https://www.zeroscience.mk/codes/devolo_csrf.txt",
        "trust": 0.1,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507",
        "trust": 0.2
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "46325",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019020038",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151527",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151526",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2019020039",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "46324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "id": "VAR-201902-1018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-10-19T22:19:16.850000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.1,
        "url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2019-5507.php"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/46325"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/151527"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2019020038"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156596"
      },
      {
        "trust": 0.1,
        "url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2019-5508.php"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/46324"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/151526"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2019020039"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156595"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-03T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "date": "2019-02-03T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-10T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      },
      {
        "date": "2019-02-10T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2019-5507"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "devolo dLAN 550 duo+ Starter Kit Remote Code Execution",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Remote/Local,System Access, DoS",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2019-5508"
      }
    ],
    "trust": 0.1
  }
}

