Jump to content
Security Installer Community

Csl Dualcom Cs2300-R Vulnerabilities

cybergibbons

By cybergibbons
in Members Lounge (Public)

 Share

Recommended Posts

cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

So 2013 firmware was in your report?

 

Firmware that was on a device installed 2013 - 2.5x. The latest on their site was 3.53 or 3.10 for UDL. This is the version number that flashes up as the board is booting.

 

I'd be interested to hear about other versions of the firmware though.

 

I have two DigiAirs now, so I am presently giving them a once over.

So as of April 2015 your findings are valid?

 

Unless CSL secretly deployed a later firmware version using programmers that no installers have, yes.

 

If one of you still have a valid login to the CSL installer area, you could check what the latest firmware version is. Maybe ask them what the latest version is for the Gradeshift as well...

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites
  • Replies 144
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

PeterJames
PeterJames

None of us are pretending anything, there has been and all ways will be ways around security systems, so long as the kit is one step ahead of the type of burglar expected then whats to worry about?  I

Dick
Dick

It has to be the manufacturer for allowing such inferior equipment to be released. Everyone else down the line has worked on trust.

Dick
Dick

Bag and cat spring to mind though. Things might and should change. As an end user I'd be livid with the findings too. Having said that, I'm not an end user of said equipment and I'm not surprised with

james.wilson Mentor

james.wilson

Posted
Posted

Be interesting if that's just 100 affected units? Can't agree that its a round 600 units affected. That is imo bullsh1t

 

Is that grade 3 units, or gradeshift grade 4

 

Most end users won't know, care or give one as their insurer will come back on the maintainer.

I wonder what the insurers think on this.

As usual the insurers will ask for Dualcom plus

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Link to comment
Share on other sites
cybergibbons Newbie

cybergibbons

Posted
  • Author
Posted

Be interesting if that's just 100 affected units? Can't agree that its a round 600 units affected. That is imo bullsh1t

 

Is that grade 3 units, or gradeshift grade 4

 

Most end users won't know, care or give one as their insurer will come back on the maintainer.

I wonder what the insurers think on this.

As usual the insurers will ask for Dualcom plus

 

I can't see any difference between the different units - certainly the ones I have, the grade is just an option set in NVRAM.

 

What is "Dualcom plus" - seen that in insurance docs, but doesn't seem to line up with a product.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Link to comment
Share on other sites
sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

I'd be interested to hear about other versions of the firmware though.

3.77

Is that grade 3 units, or gradeshift grade 4

It still not clear, but they seem to be all the same hardware.

You can buy spare units and program them to be whatever grade you need.

Most end users won't know, care or give one as their insurer will come back on the maintainer.

Completely agree.
Link to comment
Share on other sites
james.wilson Mentor

james.wilson

Posted
Posted

Surprised as such maintainers will be liable that it isn't a busier topic. My take is that I needed to remove them. Seems a lot of firms don't care that they are fitting very insecure devices.

securitywarehouse Security Supplies from Security Warehouse

Trade Members please contact us for your TSI vetted trade discount.

Link to comment
Share on other sites
Nova-Security Explorer

Nova-Security

Posted
Posted

Surprised as such maintainers will be liable that it isn't a busier topic. My take is that I needed to remove them. Seems a lot of firms don't care that they are fitting very insecure devices.

 

Nope ARC is liable as we subcontract the monitoring out.

www.nova-security.co.uk

www.nsiapproved.co.uk

No PMs please unless i know you or you are using this board with your proper name.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept