ID

VAR-201511-0052


CVE

CVE-2015-7288


TITLE

CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#428280

DESCRIPTION

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. There is a vulnerability in the CSL DualCom GPRS CS2300-R device firmware that allows changes to be made.

Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features (http://cwe.mitre.org/data/definitions/254.html). In addition, JVNVU#94334814 publishes it as CWE-912: Hidden Functionality (https://cwe.mitre.org/data/definitions/912.html). A third party may change the settings via an SMS message command.

CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple security-bypass weaknesses 3. A remote command-execution vulnerability 4. A security vulnerability. An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks.

CSL DualCom GPRS CS2300-R SPT is an alarm signalling board from CSL DualCom in the UK. It provides a communication link between the burglar alarm and the monitoring center: when the alarm sounds, the signal can be sent to the monitoring center through the mobile network, ordinary telephone lines or the Internet. The vulnerability is due to the illegal SMS command contained in the program.

Trust: 2.7

sources: NVD: CVE-2015-7288 // CERT/CC: VU#428280 // JVNDB: JVNDB-2015-006032 // BID: 77683 // VULHUB: VHN-85249

AFFECTED PRODUCTS

vendor: csl dualcom, model: gprs cs2300-r, scope: eq, version: 3.53

Trust: 1.6

vendor: csl dualcom, model: gprs cs2300-r, scope: eq, version: 1.25

Trust: 1.6

vendor: csl dualcom, model: gprs, scope: eq, version: cs2300-r

Trust: 0.8

vendor: csl dualcom, model: gprs cs2300-r, scope: eq, version: 1.25 to 3.53

Trust: 0.8

vendor: csl, model: dualcom gprs cs2300-r, scope: eq, version: 3.53

Trust: 0.3

vendor: csl, model: dualcom gprs cs2300-r, scope: eq, version: 1.25

Trust: 0.3

sources: BID: 77683 // JVNDB: JVNDB-2015-006032 // CNNVD: CNNVD-201511-405 // NVD: CVE-2015-7288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7288
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7288
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85249
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7288
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85249
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-85249 // JVNDB: JVNDB-2015-006032 // CNNVD: CNNVD-201511-405 // NVD: CVE-2015-7288

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-85249 // JVNDB: JVNDB-2015-006032 // NVD: CVE-2015-7288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-405

TYPE

Design Error

Trust: 0.3

sources: BID: 77683

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006032

PATCH

title: Top Page, url: http://www.csldual.com/uk/

Trust: 0.8

sources: JVNDB: JVNDB-2015-006032

EXTERNAL IDS

db: CERT/CC, id: VU#428280

Trust: 3.6

db: NVD, id: CVE-2015-7288

Trust: 2.8

db: JVN, id: JVNVU94334814

Trust: 0.8

db: JVNDB, id: JVNDB-2015-006032

Trust: 0.8

db: CNNVD, id: CNNVD-201511-405

Trust: 0.7

db: BID, id: 77683

Trust: 0.3

db: VULHUB, id: VHN-85249

Trust: 0.1

sources: CERT/CC: VU#428280 // VULHUB: VHN-85249 // BID: 77683 // JVNDB: JVNDB-2015-006032 // CNNVD: CNNVD-201511-405 // NVD: CVE-2015-7288

REFERENCES

url:http://www.kb.cert.org/vuls/id/428280

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/bluu-a3nqal

Trust: 2.8

url:http://cybergibbons.com/?p=2844

Trust: 2.5

url:http://www.csldual.com/uk/

Trust: 1.1

url:http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/

Trust: 1.1

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/255.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/912.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7288

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94334814/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7288

Trust: 0.8

sources: CERT/CC: VU#428280 // VULHUB: VHN-85249 // BID: 77683 // JVNDB: JVNDB-2015-006032 // CNNVD: CNNVD-201511-405 // NVD: CVE-2015-7288

CREDITS

Andrew Tierney

Trust: 0.3

sources: BID: 77683

SOURCES

db: CERT/CC, id: VU#428280
db: VULHUB, id: VHN-85249
db: BID, id: 77683
db: JVNDB, id: JVNDB-2015-006032
db: CNNVD, id: CNNVD-201511-405
db: NVD, id: CVE-2015-7288

LAST UPDATE DATE

2025-04-13T23:21:14.582000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#428280, date: 2015-11-23T00:00:00
db: VULHUB, id: VHN-85249, date: 2015-11-25T00:00:00
db: BID, id: 77683, date: 2015-11-23T00:00:00
db: JVNDB, id: JVNDB-2015-006032, date: 2015-11-26T00:00:00
db: CNNVD, id: CNNVD-201511-405, date: 2015-11-26T00:00:00
db: NVD, id: CVE-2015-7288, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#428280, date: 2015-11-23T00:00:00
db: VULHUB, id: VHN-85249, date: 2015-11-25T00:00:00
db: BID, id: 77683, date: 2015-11-23T00:00:00
db: JVNDB, id: JVNDB-2015-006032, date: 2015-11-26T00:00:00
db: CNNVD, id: CNNVD-201511-405, date: 2015-11-24T00:00:00
db: NVD, id: CVE-2015-7288, date: 2015-11-25T04:59:06.233