CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
65.7%
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device.
Vendor | Product | Version | CPE |
---|---|---|---|
etictelecom | ras-c-100-lw | - | cpe:2.3:h:etictelecom:ras-c-100-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-e-100 | - | cpe:2.3:h:etictelecom:ras-e-100:-:*:*:*:*:*:*:* |
etictelecom | ras-e-220 | - | cpe:2.3:h:etictelecom:ras-e-220:-:*:*:*:*:*:*:* |
etictelecom | ras-e-400 | - | cpe:2.3:h:etictelecom:ras-e-400:-:*:*:*:*:*:*:* |
etictelecom | ras-ec-220-lw | - | cpe:2.3:h:etictelecom:ras-ec-220-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-ec-400-lw | - | cpe:2.3:h:etictelecom:ras-ec-400-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-ec-480-lw | - | cpe:2.3:h:etictelecom:ras-ec-480-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-ecw-220-lw | - | cpe:2.3:h:etictelecom:ras-ecw-220-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-ecw-400-lw | - | cpe:2.3:h:etictelecom:ras-ecw-400-lw:-:*:*:*:*:*:*:* |
etictelecom | ras-ew-100 | - | cpe:2.3:h:etictelecom:ras-ew-100:-:*:*:*:*:*:*:* |