Vulnerability Description
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imomobile | Verve Connect Vh510 Firmware | < 1.0.1.6l0516 |
| Imomobile | Verve Connect Vh510 | l0am095a |
Related Weaknesses (CWE)
References
- https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/Third Party Advisory
- https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-DiscloExploitThird Party Advisory
- https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/Third Party Advisory
- https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-DiscloExploitThird Party Advisory
FAQ
What is CVE-2020-27692?
CVE-2020-27692 is a vulnerability with a CVSS score of 8.8 (HIGH). The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR...
How severe is CVE-2020-27692?
CVE-2020-27692 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27692?
Check the references section above for vendor advisories and patch information. Affected products include: Imomobile Verve Connect Vh510 Firmware, Imomobile Verve Connect Vh510.