Details of VAR-201511-0050

ID

VAR-201511-0050

CVE

CVE-2015-7286

TITLE

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties

Trust: 0.8

sources: CERT/CC: VU#428280

DESCRIPTION

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple security-bypass weaknesses 3. A remote command-execution vulnerability 4. A security vulnerability An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center

Trust: 2.7

sources: NVD: CVE-2015-7286 // CERT/CC: VU#428280 // JVNDB: JVNDB-2015-006030 // BID: 77683 // VULHUB: VHN-85247

AFFECTED PRODUCTS

vendor:	csl dualcom	model:	gprs cs2300-r	scope:	eq	version:	3.53	Trust: 1.6
vendor:	csl dualcom	model:	gprs cs2300-r	scope:	eq	version:	1.25	Trust: 1.6
vendor:	csl dualcom	model:	gprs	scope:	eq	version:	cs2300-r	Trust: 0.8
vendor:	csl dualcom	model:	gprs cs2300-r	scope:	eq	version:	1.25 to 3.53	Trust: 0.8
vendor:	csl	model:	dualcom gprs cs2300-r	scope:	eq	version:	3.53	Trust: 0.3
vendor:	csl	model:	dualcom gprs cs2300-r	scope:	eq	version:	1.25	Trust: 0.3

sources: BID: 77683 // JVNDB: JVNDB-2015-006030 // CNNVD: CNNVD-201511-407 // NVD: CVE-2015-7286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7286
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-7286
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201511-407
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85247
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7286
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-85247
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85247 // JVNDB: JVNDB-2015-006030 // CNNVD: CNNVD-201511-407 // NVD: CVE-2015-7286

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-85247 // JVNDB: JVNDB-2015-006030 // NVD: CVE-2015-7286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-407

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201511-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006030

PATCH

title:

Top Page

url:

http://www.csldual.com/uk/

Trust: 0.8

sources: JVNDB: JVNDB-2015-006030

EXTERNAL IDS

db:	CERT/CC	id:	VU#428280	Trust: 3.6
db:	NVD	id:	CVE-2015-7286	Trust: 2.8
db:	JVN	id:	JVNVU94334814	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006030	Trust: 0.8
db:	CNNVD	id:	CNNVD-201511-407	Trust: 0.6
db:	BID	id:	77683	Trust: 0.3
db:	VULHUB	id:	VHN-85247	Trust: 0.1

sources: CERT/CC: VU#428280 // VULHUB: VHN-85247 // BID: 77683 // JVNDB: JVNDB-2015-006030 // CNNVD: CNNVD-201511-407 // NVD: CVE-2015-7286

REFERENCES

url:	http://www.kb.cert.org/vuls/id/428280	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/bluu-a3nqal	Trust: 2.8
url:	http://cybergibbons.com/?p=2844	Trust: 2.5
url:	http://www.csldual.com/uk/	Trust: 1.1
url:	http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/	Trust: 1.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/912.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7286	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94334814/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7286	Trust: 0.8

sources: CERT/CC: VU#428280 // VULHUB: VHN-85247 // BID: 77683 // JVNDB: JVNDB-2015-006030 // CNNVD: CNNVD-201511-407 // NVD: CVE-2015-7286

CREDITS

Andrew Tierney

Trust: 0.3

sources: BID: 77683

SOURCES

db:	CERT/CC	id:	VU#428280
db:	VULHUB	id:	VHN-85247
db:	BID	id:	77683
db:	JVNDB	id:	JVNDB-2015-006030
db:	CNNVD	id:	CNNVD-201511-407
db:	NVD	id:	CVE-2015-7286

LAST UPDATE DATE

2025-04-13T23:21:14.550000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#428280	date:	2015-11-23T00:00:00
db:	VULHUB	id:	VHN-85247	date:	2015-11-27T00:00:00
db:	BID	id:	77683	date:	2015-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-006030	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-407	date:	2015-11-26T00:00:00
db:	NVD	id:	CVE-2015-7286	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#428280	date:	2015-11-23T00:00:00
db:	VULHUB	id:	VHN-85247	date:	2015-11-25T00:00:00
db:	BID	id:	77683	date:	2015-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-006030	date:	2015-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201511-407	date:	2015-11-24T00:00:00
db:	NVD	id:	CVE-2015-7286	date:	2015-11-25T04:59:03.527