← back
CVE-2020-27692

CVE-2020-27692

EPSS 0.5%
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf