Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27689 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2020-11-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version. | |||||
CVE-2020-27692 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2020-11-10 | 6.8 MEDIUM | 8.8 HIGH |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware. | |||||
CVE-2020-27690 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2020-11-10 | 4.9 MEDIUM | 5.5 MEDIUM |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. | |||||
CVE-2020-27691 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2020-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings. |