Medium severity6.8NVD Advisory· Published Jan 26, 2021· Updated Jun 17, 2026
CVE-2020-27542
CVE-2020-27542
Description
Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code (including network settings). The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command (without any escaping). So bash injection is possible. Camera doesn't parse QR codes if it's already successfully configured. Camera is always rebooted after successful configuration via QR code.
Affected products
2- Rostelecom/CS-C2SHWdescription
- Range: 5.0.082.1
Patches
Vulnerability mechanics
References
1- dil4rd.medium.com/groundhog-day-in-iot-valley-or-5-cves-in-1-camera-7dc1d2864707nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.