CVE-2020-27690

low-risk
Published 2020-11-04

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Verve Connect Vh510 Firmware

Affected Vendors

Imomobile

References (4)

Third Party Advisory https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
Exploit https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclo...
Third Party Advisory https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
Exploit https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclo...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal