Skip to main content

Remote Access Server Firmware

9 CVEs product

Monthly

CVE-2024-26157 MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-26156 MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-26155 MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Access Server Firmware
NVD
CVSS 4.0
6.1
EPSS
0.1%
CVE-2024-26154 MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-26153 MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Denial Of Service Remote Access Server Firmware
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2023-3453 HIGH PATCH This Week

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Remote Access Server Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2022-41607 HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-40981 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2022-3703 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Access Server Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Access Server Firmware
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Denial Of Service Remote Access Server Firmware
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Remote Access Server Firmware
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Remote Access Server Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy