Vulnerabilities > CVE-2020-27539 - Out-of-bounds Write vulnerability in Company Cs-C2Shw Firmware 5.0.082.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

company

CWE-787

critical

NVD

Published: 2021-01-26

Updated: 2024-11-21

Summary

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.

Vulnerable Configurations

Part	Description	Count
OS	Company Company CS C2Shw Firmware 5.0.082.1	1
Hardware	Company Company CS C2Shw -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707
https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707