This affects both business and home customers.
All of these devices have a default SSID of “Relish_Home_XXXXXX”.
Small Business Entities: HIGH
Home Users: HIGH
The Verve Connect 4G hub provided by Relish (now known as Three Broadband) contains multiple vulnerabilities, which when combined may allow an attacker to take over the device.
A default administrator password (CVE-2020-27689) was found in three devices that we tested.
There are multiple CSRF vulnerabilities (CVE-2020-27692) which exist in the web management interface, including the login page and a feature for device management. With the default admin credentials, attackers can force users that are on the same network to login into the web management interface and potentially gain remote access or control the network device.
A buffer overflow vulnerability (CVE-2020-27690) was found. The file /boaform/admin/formDOMAINBLK does not properly filter or check the size of a ‘blkDomain’ parameter when sending a POST request. This causes the Boa server to crash and may also lead to remote command execution. This POST request is also vulnerable to the CSRF which allows this attack to be launched remotely, requiring a user that’s on the same network to click a link.
The are also multiple XSS vulnerabilities (CVE-2020-27691) which have low impact. The affect components are URLBlocking Settings, SNMP Settings, and System Log Settings, which allow attackers to inject JS and HTML tags.
The Verve Connect hub may no longer be maintained or supported, yet there are many companies and home users that still use this device. It’s important that you follow the instructions below to help keep safe and prevent attackers compromising your network.