23 matches found
EUVD-2015-7217
Malware in sbrugna...
EUVD-2015-7216
Malware in sbrugna...
CSL DualCom GPRS CS2300-R SPT man-in-the-middle attack vulnerability
No description provided by source...
CSL DualCom GPRS CS2300-R SPT arbitrary command execution vulnerability
No description provided by source...
CVE-2015-7288
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
CVE-2015-7287
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...
CVE-2015-7286
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...
CVE-2015-7285
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
Command injection
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
Design/Logic Flaw
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...
Authentication flaw
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
Hardcoded credentials
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...
CVE-2015-7285
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
CVE-2015-7285
The CVE-2015-7285 entry concerns CSL DualCom GPRS CS2300-R alarm signalling boards (firmware 1.25–3.53). The vulnerability is a lack of mutual authentication between CS2300-R SPTs and ARC polling servers, enabling MITM attackers to spoof HSxx responses and bypass access controls. Connected source...
CVE-2015-7288
The CVE-2015-7288 entry affects CSL DualCom GPRS CS2300-R alarm signaling boards with firmware 1.25–3.53. A remote, unauthenticated attacker could modify device configuration via an SMS command (e.g., “4 2”). The CERT/CC entry expands on multiple issues in these devices (improper authentication, ...
CVE-2015-7287
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...
CVE-2015-7286
CVE-2015-7286 affects CSL DualCom GPRS CS2300-R alarm signalling boards (firmware 1.25–3.53). The root cause is a proprietary, polyalphabetic substitution cipher with hardcoded keys, enabling a remote attacker to decrypt or manipulate communications between SPTs and ARC servers. The vulnerability...
CVE-2015-7287
The CVE-2015-7287 issue affects CSL DualCom GPRS CS2300-R alarm signaling boards (firmware 1.25–3.53). A non-unique, default PIN (001984) is used across installations, enabling remote command execution via SMS when knowledge of the PIN is included in a message. Impacted devices could be controlle...
CVE-2015-7288
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
CVE-2015-7286
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...