Vulnerabilities > CVE-2022-41607 - Unspecified vulnerability in Etictelecom Remote Access Server Firmware 4.5.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

etictelecom

NVD

Published: 2022-11-10

Updated: 2024-11-21

Summary

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.

Vulnerable Configurations

Part	Description	Count
OS	Etictelecom Etictelecom Remote Access Server Firmware 4.5.0	1
Hardware	Etictelecom Etictelecom RAS C 100 LW - Etictelecom RAS E 100 - Etictelecom RAS E 220 - Etictelecom RAS E 400 - Etictelecom RAS EC 220 LW - Etictelecom RAS EC 400 LW - Etictelecom RAS EC 480 LW - Etictelecom RAS ECW 220 LW - Etictelecom RAS ECW 400 LW - Etictelecom RAS EW 100 - Etictelecom RAS EW 220 - Etictelecom RAS EW 400 - Etictelecom RFM E -	13

Summary

Vulnerable Configurations

References