PT-2015-7503 · Csl · Csl Dualcom Gprs Cs2300-R

Andrew Tierney · Published 2015-11-25 · Updated 2015-11-25 · CVE-2015-7285

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53

Description

The issue allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response, as the devices do not require authentication from Alarm Receiving Center (ARC) servers.

Recommendations

For firmware versions 1.25 through 3.53, consider implementing authentication mechanisms for Alarm Receiving Center (ARC) servers to prevent unauthorized access. As a temporary workaround, restrict access to the devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2015-7285

Affected Products

Csl Dualcom Gprs Cs2300-R