CVE-2020-27690 Information

Description

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value the Boa server crashes.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/ https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5