CVE-2020-27542

{"id": "CVE-2020-27542", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2021-01-26T18:15:46.240", "references": [{"url": "https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn't parse QR codes if it's already successfully configured. Camera is always rebooted after successful configuration via QR code."}, {"lang": "es", "value": "Rostelecom CS-C2SHW versi\u00f3n 5.0.082.1, est\u00e1 afectado por: una Inyecci\u00f3n de comando Bash. La c\u00e1mara lee la configuraci\u00f3n del c\u00f3digo QR (incluyendo la configuraci\u00f3n de red). La configuraci\u00f3n de la IP est\u00e1tica del c\u00f3digo QR se copia al archivo /config/ip-static y despu\u00e9s de reiniciar los datos de este archivo es insertado en el comando bash (sin ning\u00fan escape). Entonces la inyecci\u00f3n bash es posible. La c\u00e1mara no analiza los c\u00f3digos QR si ya est\u00e1 configurada con \u00e9xito. La c\u00e1mara siempre se reinicia despu\u00e9s de una configuraci\u00f3n con \u00e9xito por medio del c\u00f3digo QR"}], "lastModified": "2024-11-21T05:21:20.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:company:cs-c2shw_firmware:5.0.082.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA2108A4-A3BF-4ECE-99E7-9EE9233063EB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:company:cs-c2shw:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1CC4768-6258-44B3-9290-AF21DDB6E728"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}