CVE-2020-27691

Опубликовано: 04 нояб. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.

Ссылки

https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
Third Party Advisory
https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf
Exploit
Third Party Advisory
https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/
Third Party Advisory
https://6point6.co.uk/wp-content/uploads/2020/10/Relish-4G-VH510-Hub-Full-Disclosure-v1.3.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:imomobile:verve_connect_vh510_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.1.6l0516 (исключая)

cpe:2.3:h:imomobile:verve_connect_vh510:l0am095a:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w434-qv76-rcj7

github

больше 3 лет назад