CVE-2020-27690

Name of the Vulnerable Software and Affected Versions Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516

Description The issue concerns a buffer overflow within the web management portal of the device. This occurs when a POST request is sent to the "/boaform/admin/formDOMAINBLK" endpoint with a large blkDomain value, causing the Boa server to crash.

Recommendations For firmware versions before 1.0.1.6L0516, update the firmware to version 1.0.1.6L0516 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/boaform/admin/formDOMAINBLK" endpoint to minimize the risk of exploitation. Avoid using large values for the blkDomain variable in the affected API endpoint until the issue is resolved.