ETIC Telecom Remote Access Server
Easy fix3 remedies
cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*, +1 more
Easy fix3 remedies
- < 4.5.0
- < 4.9.19
ETIC Telecom Remote Access Server Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in all versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users. The issue arises because the ETIC RAS web server dynamically generates pages that reflect client-side input without proper validation, particularly in the method parameter.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users are advised to update to version 4.5.0 or later, where this vulnerability has been fixed. For versions prior to 4.5.0, ETIC Telecom recommends ensuring that the administration web page is accessible only through the LAN side over HTTPS and is protected with authentication.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
6.5remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.