CVE-2024-26153

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19are vulnerable to cross-site request forgery (CSRF). An externalattacker with no access to the device can force the end user intosubmitting a "setconf" method request, not requiring any CSRF token,which can lead into denial of s...

CVE-2024-26156

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0are vulnerable to reflected cross site scripting (XSS) attacks in themethod parameter. The ETIC RAS web server uses dynamic pages that getstheir input from the client side and reflects the input in its responseto the client.

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0expose clear text credentials in the web portal. An attacker can accessthe ETIC RAS web portal and view the HTML code, which is configured tobe hidden, thus allowing a connection to the ETIC RAS ssh server, whichcould enable an a...

CVE-2024-26157

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0are vulnerable to reflected cross site scripting (XSS) attacks in getview method under view parameter. The ETIC RAS web server uses dynamicpages that get their input from the client side and reflect the input intheir response to ...

CVE-2024-26154

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0are vulnerable to reflected cross site scripting in the appliance sitename. The ETIC RAS web server saves the site name and then presents itto the administrators in a few different pages.