Vulnerabilities (CVE)

Filtered by vendor Imomobile Subscribe
Filtered by product Verve Connect Vh510
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27692 1 Imomobile 2 Verve Connect Vh510, Verve Connect Vh510 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.
CVE-2020-27691 1 Imomobile 2 Verve Connect Vh510, Verve Connect Vh510 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
CVE-2020-27690 1 Imomobile 2 Verve Connect Vh510, Verve Connect Vh510 Firmware 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
CVE-2020-27689 1 Imomobile 2 Verve Connect Vh510, Verve Connect Vh510 Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.