CVE-2015-7287

{"id": "CVE-2015-7287", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-25T04:59:04.983", "references": [{"url": "http://cybergibbons.com/?p=2844", "tags": ["Exploit"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/428280", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://cybergibbons.com/?p=2844", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/428280", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message."}, {"lang": "es", "value": "Dispositivos CSL DualCom GPRS CS2300-R con firmware 1.25 hasta la versi\u00f3n 3.53 usa el mismo PIN 001984 por defecto en la instalaci\u00f3n de diferentes clientes, lo que permite a atacantes remotos ejecutar comandos aprovech\u00e1ndose del conocimiento de este PIN e incluy\u00e9ndolo en un mensaje SMS."}], "lastModified": "2024-11-21T02:36:31.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2397CE4A-E81A-4AC3-B270-55B9C3B048EA"}, {"criteria": "cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B16396-C7FC-41B5-B7F4-FEA34DC2D0A9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31C0CB19-FCF0-42D7-B206-B0DB2D92E3A2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}