are vulnerable to reflected cross site scripting (XSS) attacks in the
method parameter. The ETIC RAS web server uses dynamic pages that gets
their input from the client side and reflects the input in its response
to the client.
Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-23433 | All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client. |
Solution
For all firmware versions 4.5.0 https://www.etictelecom.com/en/softwares-download/ and above, this issue is fixed.
Workaround
To reduce the attack surface in versions prior to 4.5.0, ETIC Telecom advises users to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.
Wed, 30 Jul 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Etictelecom
Etictelecom remote Access Server Firmware |
|
| CPEs | cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Etictelecom
Etictelecom remote Access Server Firmware |
Tue, 21 Jan 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 17 Jan 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client. | |
| Title | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-01-21T15:05:56.805Z
Reserved: 2024-02-14T22:03:32.381Z
Link: CVE-2024-26156
Updated: 2025-01-21T15:05:53.201Z
Status : Analyzed
Published: 2025-01-17T17:15:11.533
Modified: 2025-07-30T17:01:46.600
Link: CVE-2024-26156
No data.
OpenCVE Enrichment
No data.
EUVD