Cs-c2shw Firmware@5.0.082.1 Security Vulnerabilities and Issues — Cs-c2shw Firmware@5.0.082.1 CVE List

Lucene search

CompanyCs-c2shw Firmware5.0.082.1

4 matches found

CVE•added 2021/01/26 6:15 p.m.•31 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automa...

9.8CVSS9.5AI score0.00203EPSS

CVE•added 2021/01/26 6:15 p.m.•28 views

CVE-2020-27539

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerabl...

9.8CVSS9.6AI score0.00593EPSS

CVE•added 2021/01/26 6:15 p.m.•25 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (withou...

6.8CVSS7.1AI score0.00758EPSS

CVE•added 2021/01/26 6:15 p.m.•21 views

CVE-2020-27541

Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. AgentGreen service has a bug in parsing broadcast discovery UDP packet. Sending a packet of too small size will lead to an attempt of allocating buffer of negative size. As the result service AgentGreen will be terminated and started...

7.5CVSS7.5AI score0.00432EPSS