VAR-201511-0051

Vulnerability from variot - Updated: 2025-04-13 23:21

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. CSL DualCom GPRS CS2300-R is prone to the following security vulnerabilities:
1. An authentication-bypass vulnerability
2. Multiple security-bypass weaknesses
3. A remote command-execution vulnerability
4. A security vulnerability
An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signalling board from CSL DualCom in the UK. It provides a communication link between the burglar alarm and the monitoring center: when the alarm sounds, the signal can be sent to the monitoring center through the mobile network, ordinary telephone lines or the Internet. The vulnerability is caused by the program using the same default PIN code, 001984, across different customers' installations.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gprs cs2300-r",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "csl dualcom",
        "version": "3.53"
      },
      {
        "model": "gprs cs2300-r",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "csl dualcom",
        "version": "1.25"
      },
      {
        "model": "gprs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "csl dualcom",
        "version": "cs2300-r"
      },
      {
        "model": "gprs cs2300-r",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "csl dualcom",
        "version": "1.25 to  3.53"
      },
      {
        "model": "dualcom gprs cs2300-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "csl",
        "version": "3.53"
      },
      {
        "model": "dualcom gprs cs2300-r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "csl",
        "version": "1.25"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "77683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:csl_dualcom:gprs",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:csl_dualcom:gprs_cs2300-r_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Tierney",
    "sources": [
      {
        "db": "BID",
        "id": "77683"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7287",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-7287",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-85248",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7287",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7287",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-406",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85248",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers\u0027 installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. Multiple security-bypass weaknesses\n3. A remote command-execution vulnerability\n4. A security vulnerability\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the  affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center. The vulnerability is caused by the program using the same 001984 as the PIN code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      },
      {
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "BID",
        "id": "77683"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#428280",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU94334814",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "77683",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89925",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85248",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "db": "BID",
        "id": "77683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "id": "VAR-201511-0051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:21:14.647000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.csldual.com/uk/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/428280"
      },
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/bluu-a3nqal"
      },
      {
        "trust": 2.5,
        "url": "http://cybergibbons.com/?p=2844"
      },
      {
        "trust": 1.1,
        "url": "http://www.csldual.com/uk/"
      },
      {
        "trust": 1.1,
        "url": "http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/327.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/255.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/912.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7287"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94334814/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7287"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "db": "BID",
        "id": "77683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "db": "BID",
        "id": "77683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "date": "2015-11-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "date": "2015-11-23T00:00:00",
        "db": "BID",
        "id": "77683"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "date": "2015-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "date": "2015-11-25T04:59:04.983000",
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#428280"
      },
      {
        "date": "2015-11-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85248"
      },
      {
        "date": "2015-11-23T00:00:00",
        "db": "BID",
        "id": "77683"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006031"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-7287"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#428280"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-406"
      }
    ],
    "trust": 0.6
  }
}

