Vulnerabilities ›

CVE-2019-25231

High

Devolo dLAN Cockpit Unquoted Service Path Privilege Escalation Vulnerability

CWE-428 — Weakness Type

                    Published: Jan 8, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

8.4

🔗 NVD Official

📄 Description (English)

devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.

🤖 AI Executive Summary

CVE-2019-25231 is an unquoted service path vulnerability in devolo dLAN Cockpit 4.3.1 that allows local non-privileged users to execute arbitrary code with elevated privileges. Attackers can exploit the DevoloNetworkService misconfiguration by placing malicious executables in the system root path to gain code execution during startup.

📄 Description (Arabic)

تحتوي نسخة devolo dLAN Cockpit 4.3.1 على ثغرة في مسار الخدمة غير المقتبس حيث يمكن للمستخدمين غير المميزين محليًا استغلال خدمة DevoloNetworkService لتنفيذ أكواد ضارة. يمكن للمهاجمين إدراج ملفات تنفيذية ضارة في مسار جذر النظام لتنفيذها برمتيازات مرتفعة عند بدء التشغيل أو إعادة تشغيل النظام.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 1, 2026 13:37

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom energy government

🎯 MITRE ATT&CK Techniques

T1547.001 T1134.003 T1548.004

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update devolo dLAN Cockpit to version 4.4.0 or later. Ensure the DevoloNetworkService path is properly quoted in the Windows Registry. Restrict file write permissions on system root directories. Apply principle of least privilege for service accounts.

🔧 خطوات المعالجة (العربية)

قم بتحديث devolo dLAN Cockpit إلى الإصدار 4.4.0 أو أحدث. تأكد من أن مسار DevoloNetworkService مقتبس بشكل صحيح في سجل Windows. قيد أذونات الكتابة على مجلدات جذر النظام. طبق مبدأ أقل امتياز لحسابات الخدمة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

4.1.1 4.2.1 4.3.1

🔵 SAMA CSF

AC-2 AC-3 SI-7

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.12.6.1

🔗 References & Sources 5

🔗

https://cxsecurity.com/issue/WLB-2019020037

disclosure@vulncheck.com

🔗

https://exchange.xforce.ibmcloud.com/vulnerabilities/156594

disclosure@vulncheck.com

🔗

https://packetstormsecurity.com/files/151525

disclosure@vulncheck.com

🔗

https://www.devolo.global/

disclosure@vulncheck.com

🔗

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5506.php

disclosure@vulncheck.com

📊 CVSS Score

8.4

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.4

CWECWE-428

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-01-08

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-428

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2019-25231

💬 Comments

Introduce Yourself

Sign In Required