CVE-2020-27539

CRITICAL

Rostelecom CS-C2SHW 5.0.082.1 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0126
EPSS Percentile 66.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
company/cs-c2shw_firmware 5.0.082.1
Published Jan 26, 2021
Tracked Since Feb 18, 2026