CVE-2015-7286

Published: 25/11/2015 | Updated: 27/11/2015
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

CSL DualCom GPRS CS2300-R devices with firmware 1.25 up to and including 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote malicious users to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic.

Vulnerable Product

csl_dualcom gprs_cs2300-r_firmware 1.25

csl_dualcom gprs_cs2300-r_firmware 3.53

Recent Articles

Pen tester sounds alert over 'gaping' flaws in Brit alarm platform
The Register • Darren Pauli • 24 Nov 2015

To update a CSL DualCom rig rip off the glue, unscrew the box, manually flash each unit

British penetration tester Andrew Tierney says he has found dangerous vulnerabilities in network-connected alarm systems sold by the UK's self-proclaimed market leader CSL DualCom. Tierney says the flaws, also reported by the US Government CERT Coordination Center, relate to "incredibly bad" encryption, clunky physical firmware updating requirements, alleged non-compliance with standards, and poor overall security design. CSL has "generally disputed" the disclosure, according to CERT CC. The com...