← Back to CVEs

CVE-2020-27692

HIGH

8.8

Description

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published11/4/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

imomobile:verve_connect_vh510imomobile:verve_connect_vh510_firmware

Weaknesses (CWE)

CWE-352

References

https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/(cve@mitre.org)

https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf(cve@mitre.org)

https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/(af854a3a-2127-422b-91ae-364da2661108)

https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.