cbcvebase.

Imomobile Verve Connect Vh510 Firmware vulnerabilities

4 known vulnerabilities affecting imomobile/verve_connect_vh510_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-27689P2CRITICALCVSS 9.8fixed in 1.0.1.6l05162020-11-04
CVE-2020-27689 [CRITICAL] CWE-798 CVE-2020-27689: The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented defa The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.
nvd
CVE-2020-27692P3HIGHCVSS 8.8fixed in 1.0.1.6l05162020-11-04
CVE-2020-27692 [HIGH] CWE-352 CVE-2020-27692: The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vul The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious
nvd
CVE-2020-27691P4MEDIUMCVSS 6.1fixed in 1.0.1.6l05162020-11-04
CVE-2020-27691 [MEDIUM] CWE-79 CVE-2020-27691: The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
nvd
CVE-2020-27690P4MEDIUMCVSS 5.5fixed in 1.0.1.6l05162020-11-04
CVE-2020-27690 [MEDIUM] CWE-120 CVE-2020-27690: The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
nvd
Imomobile Verve Connect Vh510 Firmware vulnerabilities | cvebase