are vulnerable to reflected cross site scripting (XSS) attacks in the
method parameter. The ETIC RAS web server uses dynamic pages that gets
their input from the client side and reflects the input in its response
to the client.
Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2024-23433 | All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client. |
Solution
For all firmware versions 4.5.0 https://www.etictelecom.com/en/softwares-download/ and above, this issue is fixed.
Workaround
To reduce the attack surface in versions prior to 4.5.0, ETIC Telecom advises users to verify in the router configuration that: (1) The administration web page is accessible only through the LAN side over HTTPS, and (2) The administration web page is protected with authentication.
Wed, 30 Jul 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Etictelecom
Etictelecom remote Access Server Firmware |
|
CPEs | cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Etictelecom
Etictelecom remote Access Server Firmware |
Tue, 21 Jan 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 17 Jan 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client. | |
Title | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-01-21T15:05:56.805Z
Reserved: 2024-02-14T22:03:32.381Z
Link: CVE-2024-26156

Updated: 2025-01-21T15:05:53.201Z

Status : Analyzed
Published: 2025-01-17T17:15:11.533
Modified: 2025-07-30T17:01:46.600
Link: CVE-2024-26156

No data.

No data.