24 matches found
EUVD-2020-20195
Malware in sbrugna...
EUVD-2020-20194
Malware in sbrugna...
CVE-2020-27691
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27690
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27691
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...
CVE-2020-27691
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27690
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes...
Cross site scripting
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...
Cross site request forgery (csrf)
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-27689
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
Design/Logic Flaw
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and execute commands on the device, as well as upgrade the firmware image to a...
CVE-2020-27692
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...
CVE-2020-27692
The CVE-2020-27692 entry concerns the Relish (Verve Connect) VH510 hub, with firmware prior to 1.0.1.6L0516. Multiple CSRF flaws exist in the device’s web management portal that can be leveraged to modify TR-069 configuration, enabling remote reboot or uploading malicious firmware. Connected sour...
CVE-2020-27691
The CVE-2020-27691 entry concerns the Verve Connect VH510 (Relish) gateway. Affected firmware versions prior to 1.0.1.6L0516 are vulnerable to cross-site scripting (XSS) via the device’s UI settings pages: URLBlocking, SNMP, and System Log settings. The root cause is an input handling flaw in the...
CVE-2020-27691
The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings...