CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
CPE | Name | Operator | Version |
---|---|---|---|
gprs_cs2300-r_firmware | eq | 1.25 | |
gprs_cs2300-r_firmware | eq | 3.53 |