CVE-2020-27692

HIGH

Verve Connect VH510 Firmware < 1.0.1.6l0516 - Cross-Site Request Forgery in Web Management Portal

Title source: llm
STIX 2.1

Description

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
imomobile/verve_connect_vh510_firmware < 1.0.1.6l0516
Published Nov 04, 2020
Tracked Since Feb 18, 2026