Vulnerability Description
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Csl Dualcom | Gprs Cs2300-R Firmware | 1.25 |
| Csl Dualcom | Gprs | cs2300-r |
Related Weaknesses (CWE)
References
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
- http://cybergibbons.com/?p=2844Exploit
- http://www.kb.cert.org/vuls/id/428280Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-A3NQALThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-7287?
CVE-2015-7287 is a vulnerability with a CVSS score of 7.5 (HIGH). CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by levera...
How severe is CVE-2015-7287?
CVE-2015-7287 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7287?
Check the references section above for vendor advisories and patch information. Affected products include: Csl Dualcom Gprs Cs2300-R Firmware, Csl Dualcom Gprs.