All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross-site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect that input in the response to the client.
History

Wed, 30 Jul 2025 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Etictelecom; Etictelecom remote Access Server Firmware |
| CPEs | | `cpe:2.3:o:etictelecom:remote_access_server_firmware:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Etictelecom; Etictelecom remote Access Server Firmware |

Tue, 21 Jan 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Fri, 17 Jan 2025 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross-site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect that input in the response to the client. |
| Title | | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}`; cvssV4_0: `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}` |

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-01-17T16:12:26.288Z

Updated: 2025-01-21T15:05:56.805Z

Reserved: 2024-02-14T22:03:32.381Z

Link: CVE-2024-26156

Vulnrichment

Updated: 2025-01-21T15:05:53.201Z

NVD

Status: Analyzed

Published: 2025-01-17T17:15:11.533

Modified: 2025-07-30T17:01:46.600

Link: CVE-2024-26156

Redhat

No data.