PT-2020-16768 · Verve Connect · Relish Vh510

Published: 2020-11-04 · Updated: 2020-11-10 · CVE-2020-27692

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516

Description

The Relish (Verve Connect) VH510 device contains multiple CSRF vulnerabilities within its web management portal. Attackers can use this to update the TR-069 configuration server settings, which are responsible for managing devices remotely. This makes it possible to remotely reboot the device or upload malicious firmware.

Recommendations

For firmware versions before 1.0.1.6L0516, update the firmware to version 1.0.1.6L0516 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management portal to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-27692

Affected Products

Relish Vh510