cve/CVE-2020-27540.md at dbfbb8e02084f96aea36f4d2c490fa8b62f14b0a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.

POC

Reference

https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707

Github

No PoCs found on GitHub currently.

867 B Raw Blame History

CVE-2020-27540

Description

POC

Reference

Github

867 B

Raw Blame History