Vulnerability CVE-2015-7287


Published: 2015-11-24   Modified: 2015-11-25

Description:
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Csl dualcom -> Gprs cs2300-r firmware 

 References:
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL
http://www.kb.cert.org/vuls/id/428280
http://cybergibbons.com/?p=2844

Copyright 2024, cxsecurity.com

 
