PT-2015-7504 · Csl · Csl Dualcom Gprs Cs2300-R

Andrew Tierney · Published 2015-11-25 · Updated 2015-11-27 · CVE-2015-7286

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53

Description

The issue concerns the use of a polyalphabetic substitution cipher with hardcoded keys in the affected devices. This makes it easier for remote attackers to defeat the cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic.

Recommendations

For CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53, consider updating the firmware to a version that does not rely on hardcoded keys for cryptographic protection, if such an update is available. As a temporary workaround, restrict access to the device's network traffic to minimize the risk of exploitation.

Related Identifiers

CVE-2015-7286

Affected Products

Csl Dualcom Gprs Cs2300-R