Critical severity9.8NVD Advisory· Published Jan 26, 2021· Updated Jun 17, 2026
CVE-2020-27539
CVE-2020-27539
Description
Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it.
Affected products
2- Rostelecom/CS-C2SHWdescription
- Range: 5.0.082.1
Patches
Vulnerability mechanics
References
1- dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.