CVE-2024-26153

High CVSS 7.4

Overview

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19
are vulnerable to cross-site request forgery (CSRF). An external
attacker with no access to the device can force the end user into
submitting a "setconf" method request, not requiring any CSRF token,
which can lead into denial of service on the device.

CWE: CWE-352 Published: 2025-01-17T17:15:10.927

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.4 (HIGH)
Detected tags: csrf, dos (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.
Rate limiting, resource quotas and circuit breakers.

Overview

Recommended tools

Tags