Security Advisory

CVE-2020-27540

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-25 20:17:20

Last updated 2024-08-04 16:18:44

Assigner mitre

State PUBLISHED

Description

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vcversion.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.

← Browse all CVEs View on cve.org ↗