CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7285

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.4%

CVSS Severity

CVSS v2 Score 5.8

References

http://cybergibbons.com/?p=2844
http://www.kb.cert.org/vuls/id/428280
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL
http://cybergibbons.com/?p=2844
http://www.kb.cert.org/vuls/id/428280
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL

Products affected by CVE-2015-7285

Csl Dualcom » Gprs » Version: cs2300-r

cpe:2.3:h:csl_dualcom:gprs:cs2300-r
Csl Dualcom » Gprs Cs2300-R Firmware » Version: 1.25

cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25
Csl Dualcom » Gprs Cs2300-R Firmware » Version: 3.53

cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7285

Products

Pricing

Contact Us