CVE-2015-7285

CSL DualCom GPRS CS2300-R Firmware 1.25-3.53 - Unauthenticated Access via Spoofed HSxx Response

Description

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.

References (3)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/428280
Exploit x_refsource_misc
http://cybergibbons.com/?p=2844
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL

Scores

EPSS 0.0150
EPSS Percentile 71.0%

Details

CWE CWE-287
Status published
Products (2)
csl_dualcom/gprs_cs2300-r_firmware 1.25
csl_dualcom/gprs_cs2300-r_firmware 3.53
Published Nov 25, 2015
Tracked Since Feb 18, 2026