Описание
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
Ссылки
- Exploit
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Exploit
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:*:*:*:*:*:*:*
cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:*:*:*:*:*:*:*
cpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00513
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
EPSS
Процентиль: 66%
0.00513
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-287