VAR-201511-0050
Vulnerability from variot - Updated: 2025-04-13 23:21CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple security-bypass weaknesses 3. A remote command-execution vulnerability 4. A security vulnerability An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 1.6,
"vendor": "csl dualcom",
"version": "3.53"
},
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 1.6,
"vendor": "csl dualcom",
"version": "1.25"
},
{
"model": "gprs",
"scope": "eq",
"trust": 0.8,
"vendor": "csl dualcom",
"version": "cs2300-r"
},
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 0.8,
"vendor": "csl dualcom",
"version": "1.25 to 3.53"
},
{
"model": "dualcom gprs cs2300-r",
"scope": "eq",
"trust": 0.3,
"vendor": "csl",
"version": "3.53"
},
{
"model": "dualcom gprs cs2300-r",
"scope": "eq",
"trust": 0.3,
"vendor": "csl",
"version": "1.25"
}
],
"sources": [
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:csl_dualcom:gprs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:csl_dualcom:gprs_cs2300-r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Tierney",
"sources": [
{
"db": "BID",
"id": "77683"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7286",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85247",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7286",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7286",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85247"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. Multiple security-bypass weaknesses\n3. A remote command-execution vulnerability\n4. A security vulnerability\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7286"
},
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "VULHUB",
"id": "VHN-85247"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#428280",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-7286",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU94334814",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407",
"trust": 0.6
},
{
"db": "BID",
"id": "77683",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-85247",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85247"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"id": "VAR-201511-0050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85247"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:14.550000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.csldual.com/uk/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85247"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/428280"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a3nqal"
},
{
"trust": 2.5,
"url": "http://cybergibbons.com/?p=2844"
},
{
"trust": 1.1,
"url": "http://www.csldual.com/uk/"
},
{
"trust": 1.1,
"url": "http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/912.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7286"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94334814/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7286"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85247"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85247"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#428280"
},
{
"date": "2015-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-85247"
},
{
"date": "2015-11-23T00:00:00",
"db": "BID",
"id": "77683"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"date": "2015-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"date": "2015-11-25T04:59:03.527000",
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#428280"
},
{
"date": "2015-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-85247"
},
{
"date": "2015-11-23T00:00:00",
"db": "BID",
"id": "77683"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006030"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-407"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties",
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-407"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…