Vulnerability Details CVE-2020-27689
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
- https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf
- https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
- https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf
Products affected by CVE-2020-27689
-
cpe:2.3:h:imomobile:verve_connect_vh510:l0am095a
-
cpe:2.3:o:imomobile:verve_connect_vh510_firmware:-