Etic Telecom Remote Access Server vulnerabilities
9 known vulnerabilities affecting etic_telecom/remote_access_server.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-40981P2CRITICALCVSS 10.0≤ 4.5.02022-11-10
CVE-2022-40981 [CRITICAL] CWE-434 CVE-2022-40981: All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious f
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or comput
nvd
CVE-2022-3703P2CRITICALCVSS 10.0≤ 4.5.02022-11-10
CVE-2022-3703 [CRITICAL] CWE-345 CVE-2022-3703: All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable t
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
nvd
CVE-2024-26155P3HIGHCVSS 8.6fixed in 4.5.02025-01-17
CVE-2024-26155 [HIGH] CWE-319 CVE-2024-26155: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credential
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
expose clear text credentials in the web portal. An attacker can access
the ETIC RAS web portal and view the HTML code, which is configured to
be hidden, thus allowing a connection to the ETIC RAS ssh server, which
could enable an attacker to perform actions on the device.
nvd
CVE-2022-41607P3HIGHCVSS 7.5≤ 4.5.02022-11-10
CVE-2022-41607 [HIGH] CWE-22 CVE-2022-41607: All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable i
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.
nvd
CVE-2023-3453P3HIGHCVSS 8.1≤ 4.7.02023-08-23
CVE-2023-3453 [HIGH] CWE-1188 CVE-2023-3453: ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by defa
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
nvd
CVE-2024-26153P4HIGHCVSS 7.4fixed in 4.9.192025-01-17
CVE-2024-26153 [HIGH] CWE-352 CVE-2024-26153: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-sit
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19
are vulnerable to cross-site request forgery (CSRF). An external
attacker with no access to the device can force the end user into
submitting a "setconf" method request, not requiring any CSRF token,
which can lead into denial of service on the device.
nvd
CVE-2024-26157P4MEDIUMCVSS 6.1fixed in 4.5.02025-01-17
CVE-2024-26157 [MEDIUM] CWE-79 CVE-2024-26157: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting (XSS) attacks in get
view method under view parameter. The ETIC RAS web server uses dynamic
pages that get their input from the client side and reflect the input in
their response to the client.
nvd
CVE-2024-26154P4MEDIUMCVSS 6.1fixed in 4.5.02025-01-17
CVE-2024-26154 [MEDIUM] CWE-79 CVE-2024-26154: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting in the appliance site
name. The ETIC RAS web server saves the site name and then presents it
to the administrators in a few different pages.
nvd
CVE-2024-26156P4MEDIUMCVSS 6.1fixed in 4.5.02025-01-17
CVE-2024-26156 [MEDIUM] CWE-79 CVE-2024-26156: All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
are vulnerable to reflected cross site scripting (XSS) attacks in the
method parameter. The ETIC RAS web server uses dynamic pages that gets
their input from the client side and reflects the input in its response
to the client.
nvd