Sign-up

ID

VAR-202101-0391


CVE

CVE-2020-27539


TITLE

Rostelecom CS-C2SHW  Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-015665

DESCRIPTION

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it. Rostelecom CS-C2SHW Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-27539 // JVNDB: JVNDB-2020-015665 // VULMON: CVE-2020-27539

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: - model:cs-c2shw_firmwarescope:eqversion:5.0.082.1

Trust: 1.0

vendor:rostelecommodel:cs-c2shwscope:eqversion:cs-c2shw firmware 5.0.082.1

Trust: 0.8

vendor:rostelecommodel:cs-c2shwscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015665 // NVD: CVE-2020-27539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27539
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-27539
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202101-2329
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-27539
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27539
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-27539
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-27539
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-27539 // JVNDB: JVNDB-2020-015665 // CNNVD: CNNVD-202101-2329 // NVD: CVE-2020-27539

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015665 // NVD: CVE-2020-27539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-2329

PATCH

title:Top Pageurl:https://www.company.rt.ru/en/

Trust: 0.8

sources: JVNDB: JVNDB-2020-015665

EXTERNAL IDS

db:NVDid:CVE-2020-27539

Trust: 2.6

db:JVNDBid:JVNDB-2020-015665

Trust: 0.8

db:CNNVDid:CNNVD-202101-2329

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-27539

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-27539 // JVNDB: JVNDB-2020-015665 // CNNVD: CNNVD-202101-2329 // NVD: CVE-2020-27539

REFERENCES

url:https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-27539

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-27539 // JVNDB: JVNDB-2020-015665 // CNNVD: CNNVD-202101-2329 // NVD: CVE-2020-27539

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-27539
db:JVNDBid:JVNDB-2020-015665
db:CNNVDid:CNNVD-202101-2329
db:NVDid:CVE-2020-27539

LAST UPDATE DATE

2025-01-30T20:47:26.645000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-27539date:2021-02-02T00:00:00
db:JVNDBid:JVNDB-2020-015665date:2021-10-08T09:02:00
db:CNNVDid:CNNVD-202101-2329date:2021-02-09T00:00:00
db:NVDid:CVE-2020-27539date:2024-11-21T05:21:19.983

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-27539date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2020-015665date:2021-10-08T00:00:00
db:CNNVDid:CNNVD-202101-2329date:2021-01-26T00:00:00
db:NVDid:CVE-2020-27539date:2021-01-26T18:15:46.053