CVE-2020-27689

9.8 CRITICAL

📋 TL;DR

The Relish VH510 4G hub contains hardcoded admin credentials in firmware versions before 1.0.1.6L0516, allowing remote attackers to gain administrative access to the web interface. This enables complete device compromise including command execution and firmware replacement with malicious versions. All users of affected VH510 devices with vulnerable firmware are impacted.

💻 Affected Systems

Products:
  • Relish (Verve Connect) VH510 4G Hub
Versions: All firmware versions before 1.0.1.6L0516
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices shipped with vulnerable firmware are affected out-of-the-box. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover, allowing an attacker to install malicious firmware, intercept all network traffic, use the device as a pivot point into internal networks, and maintain persistent access.

🟠 Likely Case

Unauthorized administrative access leading to device configuration changes, network disruption, and potential credential harvesting from connected devices.

🟢 If Mitigated

Limited impact if the device is behind a firewall with no external access to the web interface and strong network segmentation.

🌐 Internet-Facing: HIGH - Web management interface is typically accessible from WAN, allowing direct remote exploitation.
🏢 Internal Only: MEDIUM - Attackers with internal network access could exploit, but requires network foothold first.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the default credentials and access to the web interface. The full disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1.6L0516 or later

Vendor Advisory: https://6point6.co.uk/insights/security-advisory-relish-4g-hub-vh510/

Restart Required: Yes

Instructions:

1. Log into the VH510 web interface.
2. Navigate to System > Firmware Update.
3. Upload firmware version 1.0.1.6L0516 or later.
4. Apply the update and allow the device to reboot.
5. Verify the firmware version after reboot.

🔧 Temporary Workarounds

Network Access Restriction

all

Block external access to VH510 web management interface using firewall rules

Credential Change

all

Change default admin credentials if device allows credential modification

🧯 If You Can't Patch

  • Isolate VH510 device on separate VLAN with strict firewall rules preventing external and internal access to management interface
  • Disable remote management features and ensure web interface is only accessible from trusted management network

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under System > Status. If the version is earlier than 1.0.1.6L0516, the device is vulnerable.

Check Version:

No CLI command available. Must check via web interface at System > Status page.

Verify Fix Applied:

After the update, verify that the firmware version shows 1.0.1.6L0516 or later in System > Status. An attempt to log in with the default credentials should fail.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful admin login
  • Firmware update events from unexpected sources
  • Configuration changes from unknown IP addresses

Network Indicators:

  • HTTP requests to /cgi-bin/luci on port 80/443 from external IPs
  • Unusual outbound connections from VH510 device

SIEM Query:

source_ip="VH510_IP" AND (http_uri="/cgi-bin/luci" OR (event_type="login_success" AND user="admin"))
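The log and network indicators above, expressed as detection logic in an added example (not part of the original advisory or any vendor tooling). The event tuple layout, the trusted management network `192.168.1.0/24`, the failure threshold and the time window are all assumptions, and the sample events are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

LUCI_PATH = "/cgi-bin/luci"  # management URI named in the network indicators
# Assumption: the only network allowed to reach the management interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample events: (timestamp, client IP, request path, login outcome).
# Login outcome is "fail", "ok", or None for a request that is not a login.
SAMPLE_EVENTS = [
    ("2021-03-01T10:00:00", "192.168.1.20", "/cgi-bin/luci", "ok"),
    ("2021-03-01T10:05:00", "203.0.113.7", "/cgi-bin/luci", "fail"),
    ("2021-03-01T10:05:05", "203.0.113.7", "/cgi-bin/luci", "fail"),
    ("2021-03-01T10:05:09", "203.0.113.7", "/cgi-bin/luci", "fail"),
    ("2021-03-01T10:05:15", "203.0.113.7", "/cgi-bin/luci", "ok"),
    ("2021-03-01T11:00:00", "198.51.100.9", "/cgi-bin/luci", None),
]

def detect(events, trusted=TRUSTED_NETS, threshold=3,
           window=timedelta(minutes=5)):
    """Return (rule, client_ip, timestamp) alerts in event order."""
    alerts = []
    fails = {}             # client IP -> timestamps of failed logins
    seen_external = set()  # alert once per external client
    for ts_raw, ip, path, outcome in events:
        ts = datetime.fromisoformat(ts_raw)
        addr = ipaddress.ip_address(ip)
        external = not any(addr in net for net in trusted)
        # Rule 1: management URI requested from outside the trusted network.
        if external and path.startswith(LUCI_PATH) and ip not in seen_external:
            seen_external.add(ip)
            alerts.append(("external_luci_access", ip, ts_raw))
        # Rule 2: repeated failed logins followed by a success from one client.
        if outcome == "fail":
            fails.setdefault(ip, []).append(ts)
        elif outcome == "ok":
            recent = [t for t in fails.pop(ip, []) if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append(("fail_then_success", ip, ts_raw))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because the credentials are fixed in the firmware, a first-try successful login produces no failures, so the external-access rule is the one that catches it.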
