Vulnerability Description
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Csl Dualcom | Gprs Cs2300-R Firmware | 1.25 |
| Csl Dualcom | Gprs | cs2300-r |
Related Weaknesses (CWE)
References
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-7286?
CVE-2015-7286 is a vulnerability with a CVSS score of 6.4 (MEDIUM). CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic...
How severe is CVE-2015-7286?
CVE-2015-7286 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7286?
Check the references section above for vendor advisories and patch information. Affected products include: Csl Dualcom Gprs Cs2300-R Firmware, Csl Dualcom Gprs.