Sign-up

ID

VAR-201511-0049


CVE

CVE-2015-7285


TITLE

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

Trust: 0.8

sources: CERT/CC: VU#428280

DESCRIPTION

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple security-bypass weaknesses 3. A remote command-execution vulnerability 4. A security vulnerability An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center. A security vulnerability exists in the CSL DualCom GPRS CS2300-R SPT using firmware version 1.25 to 3.53 due to the fact that the program does not require mutual authentication to be performed

Trust: 2.7

sources: NVD: CVE-2015-7285 // CERT/CC: VU#428280 // JVNDB: JVNDB-2015-006029 // BID: 77683 // VULHUB: VHN-85246

AFFECTED PRODUCTS

vendor:csl dualcommodel:gprs cs2300-rscope:eqversion:3.53

Trust: 1.6

vendor:csl dualcommodel:gprs cs2300-rscope:eqversion:1.25

Trust: 1.6

vendor:csl dualcommodel:gprsscope:eqversion:cs2300-r

Trust: 0.8

vendor:csl dualcommodel:gprs cs2300-rscope:eqversion:1.25 to 3.53

Trust: 0.8

vendor:cslmodel:dualcom gprs cs2300-rscope:eqversion:3.53

Trust: 0.3

vendor:cslmodel:dualcom gprs cs2300-rscope:eqversion:1.25

Trust: 0.3

sources: BID: 77683 // JVNDB: JVNDB-2015-006029 // CNNVD: CNNVD-201511-408 // NVD: CVE-2015-7285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7285
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7285
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-408
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85246
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7285
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85246
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85246 // JVNDB: JVNDB-2015-006029 // CNNVD: CNNVD-201511-408 // NVD: CVE-2015-7285

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-85246 // JVNDB: JVNDB-2015-006029 // NVD: CVE-2015-7285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-408

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201511-408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006029

PATCH
title:Top Pageurl:http://www.csldual.com/uk/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006029

EXTERNAL IDS
db:CERT/CCid:VU#428280
Trust: 3.6
db:NVDid:CVE-2015-7285
Trust: 2.8
db:JVNid:JVNVU94334814
Trust: 0.8
db:JVNDBid:JVNDB-2015-006029
Trust: 0.8
db:CNNVDid:CNNVD-201511-408
Trust: 0.7
db:BIDid:77683
Trust: 0.3
db:SEEBUGid:SSVID-89926
Trust: 0.1
db:VULHUBid:VHN-85246
Trust: 0.1
sources:
            
            
            CERT/CC: VU#428280 // 
            
            
            
            VULHUB: VHN-85246 // 
            
            
            
            BID: 77683 // 
            
            
            
            JVNDB: JVNDB-2015-006029 // 
            
            
            
            CNNVD: CNNVD-201511-408 // 
            
            
            
            NVD: CVE-2015-7285

REFERENCES
url:http://www.kb.cert.org/vuls/id/428280
Trust: 2.8
url:http://www.kb.cert.org/vuls/id/bluu-a3nqal
Trust: 2.8
url:http://cybergibbons.com/?p=2844
Trust: 2.5
url:http://www.csldual.com/uk/
Trust: 1.1
url:http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/
Trust: 1.1
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/912.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7285
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94334814/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7285
Trust: 0.8
sources:
            
            
            CERT/CC: VU#428280 // 
            
            
            
            VULHUB: VHN-85246 // 
            
            
            
            BID: 77683 // 
            
            
            
            JVNDB: JVNDB-2015-006029 // 
            
            
            
            CNNVD: CNNVD-201511-408 // 
            
            
            
            NVD: CVE-2015-7285

CREDITS
Andrew Tierney
Trust: 0.3
sources:
            
            
            BID: 77683

SOURCES
db:CERT/CCid:VU#428280
db:VULHUBid:VHN-85246
db:BIDid:77683
db:JVNDBid:JVNDB-2015-006029
db:CNNVDid:CNNVD-201511-408
db:NVDid:CVE-2015-7285

LAST UPDATE DATE
2025-04-13T23:21:14.615000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#428280date:2015-11-23T00:00:00
db:VULHUBid:VHN-85246date:2015-11-25T00:00:00
db:BIDid:77683date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-006029date:2015-11-26T00:00:00
db:CNNVDid:CNNVD-201511-408date:2015-11-26T00:00:00
db:NVDid:CVE-2015-7285date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#428280date:2015-11-23T00:00:00
db:VULHUBid:VHN-85246date:2015-11-25T00:00:00
db:BIDid:77683date:2015-11-23T00:00:00
db:JVNDBid:JVNDB-2015-006029date:2015-11-26T00:00:00
db:CNNVDid:CNNVD-201511-408date:2015-11-24T00:00:00
db:NVDid:CVE-2015-7285date:2015-11-25T04:59:01.840