CVE-2015-7287

Published: 25/11/2015 Updated: 25/11/2015
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

CSL DualCom GPRS CS2300-R devices with firmware 1.25 up to and including 3.53 use the same 001984 default PIN across different customers' installations, which allows remote malicious users to execute commands by leveraging knowledge of this PIN and including it in an SMS message.

Vulnerable Product

csl_dualcom gprs_cs2300-r_firmware 1.25

csl_dualcom gprs_cs2300-r_firmware 3.53

Recent Articles

Pen tester sounds alert over 'gaping' flaws in Brit alarm platform
The Register • Darren Pauli • 24 Nov 2015

To update a CSL DualCom rig rip off the glue, unscrew the box, manually flash each unit

British penetration tester Andrew Tierney says he has found dangerous vulnerabilities in network-connected alarm systems sold by the UK's self-proclaimed market leader CSL DualCom. Tierney says the flaws, also reported by the US Government CERT Coordination Center, relate to "incredibly bad" encryption, clunky physical firmware updating requirements, alleged non-compliance with standards, and poor overall security design. CSL has "generally disputed" the disclosure, according to CERT CC. The com...