Lucene search

CertccCVE-2015-7288

HistoryNov 25, 2015 - 4:59 a.m.

CVE-2015-7288

2015-11-2504:59:06

CWE-254

certcc

web.nvd.nist.gov

cve-2015-7288

csl dualcom

gprs

cs2300-r

firmware

remote attack

sms

config modification

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a “4 2” command.

Affected configurations

Nvd

Node

csl_dualcomgprs_cs2300-r_firmwareMatch1.25

csl_dualcomgprs_cs2300-r_firmwareMatch3.53

AND

csl_dualcomgprsMatchcs2300-r

VendorProductVersionCPE
csl_dualcomgprs_cs2300-r_firmware1.25cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:*:*:*:*:*:*:*
csl_dualcomgprs_cs2300-r_firmware3.53cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:*:*:*:*:*:*:*
csl_dualcomgprscs2300-rcpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
csl_dualcom	gprs_cs2300-r_firmware	1.25	cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:::::::*
csl_dualcom	gprs_cs2300-r_firmware	3.53	cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:::::::*
csl_dualcom	gprs	cs2300-r	cpe:2.3:h:csl_dualcom:gprs:cs2300-r:::::::*

References

cybergibbons.com/?p=2844

www.kb.cert.org/vuls/id/428280

www.kb.cert.org/vuls/id/BLUU-A3NQAL

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

Related for CVE-2015-7288