CVE-2015-7288

Published: 25/11/2015 | Updated: 25/11/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

CSL DualCom GPRS CS2300-R devices with firmware 1.25 up to and including 3.53 allow remote malicious users to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command.

Vulnerable Product

csl_dualcom gprs_cs2300-r_firmware 3.53

csl_dualcom gprs_cs2300-r_firmware 1.25

Recent Articles

Pen tester sounds alert over 'gaping' flaws in Brit alarm platform
The Register • Darren Pauli • 24 Nov 2015

To update a CSL DualCom rig rip off the glue, unscrew the box, manually flash each unit

British penetration tester Andrew Tierney says he has found dangerous vulnerabilities in network-connected alarm systems sold by the UK's self-proclaimed market leader CSL DualCom. Tierney says the flaws, also reported by the US Government CERT Coordination Center, relate to "incredibly bad" encryption, clunky physical firmware updating requirements, alleged non-compliance with standards, and poor overall security design. CSL has "generally disputed" the disclosure, according to CERT CC. The com...