Vulnerability Description
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Csl Dualcom | Gprs Cs2300-R Firmware | 1.25 |
| Csl Dualcom | Gprs | cs2300-r |
Related Weaknesses (CWE)
References
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-7285?
CVE-2015-7285 is a vulnerability with a CVSS score of 5.8 (MEDIUM). CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended a...
How severe is CVE-2015-7285?
CVE-2015-7285 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7285?
Check the references section above for vendor advisories and patch information. Affected products include: Csl Dualcom Gprs Cs2300-R Firmware, Csl Dualcom Gprs.