CVE-2015-7285

CSL Dualcom Gprs Cs2300-r Firmware - Authentication Bypass

Title source: rule

Description

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.

References (3)

[Exploit] http://cybergibbons.com/?p=2844

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/428280

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/BLUU-A3NQAL

Scores

EPSS 0.0051

EPSS Percentile 66.2%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

csl_dualcom/gprs_cs2300-r_firmware

Timeline

Published Nov 25, 2015

Tracked Since Feb 18, 2026