CVE-2015-7285

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
References
Link Resource
http://www.kb.cert.org/vuls/id/428280 Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL Third Party Advisory US Government Resource
http://cybergibbons.com/?p=2844 Exploit
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:*:*:*:*:*:*:*
cpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*

Information

Published : 2015-11-24 20:59

Updated : 2015-11-25 10:27


NVD link : CVE-2015-7285

Mitre link : CVE-2015-7285


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

csl_dualcom

  • gprs_cs2300-r_firmware
  • gprs