2 matches found
CVE-2022-41607
The application programmable interface (API) of all versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scr...
CVE-2024-26153
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead to denial of s...