Etictelecom: >> Remote Access Server Firmware >> 4.7.0 Security Vulnerabilities
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19
are vulnerable to cross-site request forgery (CSRF). An external
attacker with no access to the device can force the end user into
submitting a "setconf" method request, not requiring any CSRF token,
which can lead into denial of service on the device.
CVSS Score
7.4
EPSS Score
0.0
Published
2025-01-17
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-08-23