CVE-2020-27539 - Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater servi

CVE-2020-27539

Summary

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.

References

https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707

Vulnerable Configurations

cpe:2.3:o:company:cs-c2shw_firmware:5.0.082.1:*:*:*:*:*:*:*
cpe:2.3:o:company:cs-c2shw_firmware:5.0.082.1:*:*:*:*:*:*:*
cpe:2.3:h:company:cs-c2shw:-:*:*:*:*:*:*:*
cpe:2.3:h:company:cs-c2shw:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 02-02-2021 - 18:56)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

02-02-2021 - 18:56

Published

26-01-2021 - 18:15

Last modified

02-02-2021 - 18:56