Design/Logic Flaw

2020-11-0420:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a malicious version.

CPENameOperatorVersion
verve_connect_vh510_firmwareeq< 1.0.1.6l516

CPE	Name	Operator	Version
	verve_connect_vh510_firmware	eq	< 1.0.1.6l516

References

6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/

6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf