Imomobile: >> Verve Connect Vh510 Firmware Security Vulnerabilities
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-11-04
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-11-04
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-11-04
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.
CVSS Score
9.8
EPSS Score
0.016
Published
2020-11-04