ID

VAR-201511-0051


CVE

CVE-2015-7287


TITLE

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#428280

DESCRIPTION

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message.

CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities.

CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities:

1. An authentication-bypass vulnerability
2. Multiple security-bypass weaknesses
3. A remote command-execution vulnerability
4. A security vulnerability

An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks.

CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK. It provides a communication link between the burglar alarm and the monitoring center: when the alarm sounds, the signal can be sent to the monitoring center through the mobile network, ordinary telephone lines or the Internet. The vulnerability is caused by the program using the same 001984 as the PIN code.

Trust: 2.7

sources: NVD: CVE-2015-7287 // CERT/CC: VU#428280 // JVNDB: JVNDB-2015-006031 // BID: 77683 // VULHUB: VHN-85248

AFFECTED PRODUCTS

vendor: csl dualcom // model: gprs cs2300-r // scope: eq // version: 3.53

Trust: 1.6

vendor: csl dualcom // model: gprs cs2300-r // scope: eq // version: 1.25

Trust: 1.6

vendor: csl dualcom // model: gprs // scope: eq // version: cs2300-r

Trust: 0.8

vendor: csl dualcom // model: gprs cs2300-r // scope: eq // version: 1.25 to 3.53

Trust: 0.8

vendor: csl // model: dualcom gprs cs2300-r // scope: eq // version: 3.53

Trust: 0.3

vendor: csl // model: dualcom gprs cs2300-r // scope: eq // version: 1.25

Trust: 0.3

sources: BID: 77683 // JVNDB: JVNDB-2015-006031 // CNNVD: CNNVD-201511-406 // NVD: CVE-2015-7287

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7287
value: HIGH

Trust: 1.0

NVD: CVE-2015-7287
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201511-406
value: HIGH

Trust: 0.6

VULHUB: VHN-85248
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7287
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85248
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85248 // JVNDB: JVNDB-2015-006031 // CNNVD: CNNVD-201511-406 // NVD: CVE-2015-7287

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-85248 // JVNDB: JVNDB-2015-006031 // NVD: CVE-2015-7287

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-406

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201511-406

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006031

PATCH

title: Top Page // url: http://www.csldual.com/uk/

Trust: 0.8

sources: JVNDB: JVNDB-2015-006031

EXTERNAL IDS

db: CERT/CC // id: VU#428280

Trust: 3.6

db: NVD // id: CVE-2015-7287

Trust: 2.8

db: JVN // id: JVNVU94334814

Trust: 0.8

db: JVNDB // id: JVNDB-2015-006031

Trust: 0.8

db: CNNVD // id: CNNVD-201511-406

Trust: 0.6

db: BID // id: 77683

Trust: 0.3

db: SEEBUG // id: SSVID-89925

Trust: 0.1

db: VULHUB // id: VHN-85248

Trust: 0.1

sources: CERT/CC: VU#428280 // VULHUB: VHN-85248 // BID: 77683 // JVNDB: JVNDB-2015-006031 // CNNVD: CNNVD-201511-406 // NVD: CVE-2015-7287

REFERENCES

url:http://www.kb.cert.org/vuls/id/428280

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/bluu-a3nqal

Trust: 2.8

url:http://cybergibbons.com/?p=2844

Trust: 2.5

url:http://www.csldual.com/uk/

Trust: 1.1

url:http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/

Trust: 1.1

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/255.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/912.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7287

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94334814/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7287

Trust: 0.8

sources: CERT/CC: VU#428280 // VULHUB: VHN-85248 // BID: 77683 // JVNDB: JVNDB-2015-006031 // CNNVD: CNNVD-201511-406 // NVD: CVE-2015-7287

CREDITS

Andrew Tierney

Trust: 0.3

sources: BID: 77683

SOURCES

db: CERT/CC // id: VU#428280
db: VULHUB // id: VHN-85248
db: BID // id: 77683
db: JVNDB // id: JVNDB-2015-006031
db: CNNVD // id: CNNVD-201511-406
db: NVD // id: CVE-2015-7287

LAST UPDATE DATE

2025-04-13T23:21:14.647000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#428280 // date: 2015-11-23T00:00:00
db: VULHUB // id: VHN-85248 // date: 2015-11-25T00:00:00
db: BID // id: 77683 // date: 2015-11-23T00:00:00
db: JVNDB // id: JVNDB-2015-006031 // date: 2015-11-26T00:00:00
db: CNNVD // id: CNNVD-201511-406 // date: 2015-11-26T00:00:00
db: NVD // id: CVE-2015-7287 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC // id: VU#428280 // date: 2015-11-23T00:00:00
db: VULHUB // id: VHN-85248 // date: 2015-11-25T00:00:00
db: BID // id: 77683 // date: 2015-11-23T00:00:00
db: JVNDB // id: JVNDB-2015-006031 // date: 2015-11-26T00:00:00
db: CNNVD // id: CNNVD-201511-406 // date: 2015-11-24T00:00:00
db: NVD // id: CVE-2015-7287 // date: 2015-11-25T04:59:04.983