VAR-201511-0052
Vulnerability from variot - Updated: 2025-04-13 23:21CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R There is a vulnerability in the device firmware that can be changed. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.html In addition, JVNVU#94334814 Then CWE-912 It is published as CWE-912: Hidden Functionality https://cwe.mitre.org/data/definitions/912.htmlBy a third party SMS The setting may be changed via a message command. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple security-bypass weaknesses 3. A remote command-execution vulnerability 4. A security vulnerability An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center. The vulnerability is due to the illegal SMS command contained in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0052",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 1.6,
"vendor": "csl dualcom",
"version": "3.53"
},
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 1.6,
"vendor": "csl dualcom",
"version": "1.25"
},
{
"model": "gprs",
"scope": "eq",
"trust": 0.8,
"vendor": "csl dualcom",
"version": "cs2300-r"
},
{
"model": "gprs cs2300-r",
"scope": "eq",
"trust": 0.8,
"vendor": "csl dualcom",
"version": "1.25 to 3.53"
},
{
"model": "dualcom gprs cs2300-r",
"scope": "eq",
"trust": 0.3,
"vendor": "csl",
"version": "3.53"
},
{
"model": "dualcom gprs cs2300-r",
"scope": "eq",
"trust": 0.3,
"vendor": "csl",
"version": "1.25"
}
],
"sources": [
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:csl_dualcom:gprs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:csl_dualcom:gprs_cs2300-r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Tierney",
"sources": [
{
"db": "BID",
"id": "77683"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7288",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7288",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-85249",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7288",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7288",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-405",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85249",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85249"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a \"4 2\" command. CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilties. CSL DualCom GPRS CS2300-R There is a vulnerability in the device firmware that can be changed. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.html In addition, JVNVU#94334814 Then CWE-912 It is published as CWE-912: Hidden Functionality https://cwe.mitre.org/data/definitions/912.htmlBy a third party SMS The setting may be changed via a message command. CSL DualCom GPRS CS2300-R is prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. Multiple security-bypass weaknesses\n3. A remote command-execution vulnerability\n4. A security vulnerability\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access to the affected system by conducting a man-in-the-middle attack, obtain sensitive information, conduct spoofing attacks and perform certain unauthorized actions. This may aid in further attacks. CSL DualCom GPRS CS2300-R SPT is an alarm signal board from CSL DualCom in the UK, it provides a communication link between the burglar alarm and the monitoring center, when the alarm sounds, the signal can be sent through the mobile network, ordinary telephone lines or the Internet sent to the monitoring center. The vulnerability is due to the illegal SMS command contained in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7288"
},
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "VULHUB",
"id": "VHN-85249"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#428280",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-7288",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU94334814",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405",
"trust": 0.7
},
{
"db": "BID",
"id": "77683",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-85249",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85249"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"id": "VAR-201511-0052",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85249"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:14.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.csldual.com/uk/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85249"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/428280"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a3nqal"
},
{
"trust": 2.5,
"url": "http://cybergibbons.com/?p=2844"
},
{
"trust": 1.1,
"url": "http://www.csldual.com/uk/"
},
{
"trust": 1.1,
"url": "http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/912.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7288"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94334814/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7288"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85249"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#428280"
},
{
"db": "VULHUB",
"id": "VHN-85249"
},
{
"db": "BID",
"id": "77683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#428280"
},
{
"date": "2015-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-85249"
},
{
"date": "2015-11-23T00:00:00",
"db": "BID",
"id": "77683"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"date": "2015-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"date": "2015-11-25T04:59:06.233000",
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-23T00:00:00",
"db": "CERT/CC",
"id": "VU#428280"
},
{
"date": "2015-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-85249"
},
{
"date": "2015-11-23T00:00:00",
"db": "BID",
"id": "77683"
},
{
"date": "2015-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006032"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-405"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties",
"sources": [
{
"db": "CERT/CC",
"id": "VU#428280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "77683"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…