CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vcversion.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card.
Configurations

Configuration 1


Information

Published : 2021-01-26 06:15

Updated : 2021-02-02 06:53


NVD link : CVE-2020-27540

Mitre link : CVE-2020-27540

Products Affected
No products.
CWE
CWE-347

Improper Verification of Cryptographic Signature