CVE-2024-26155
ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
17 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0
expose clear text credentials in the web portal. An attacker can access
the ETIC RAS web portal and view the HTML code, which is configured to
be hidden, thus allowing a connection to the ETIC RAS ssh server, which
could enable an attacker to perform actions on the device.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
ETIC Telecom · Remote Access Server (RAS)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →