CVE-2015-7285 Information

Description

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.

Reference

http://cybergibbons.com/?p=2844 http://www.kb.cert.org/vuls/id/428280 http://www.kb.cert.org/vuls/id/BLUU-A3NQAL