4.7.0

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

low complexity

etictelecom

CWE-1188

NVD

Published: 2023-08-23

Updated: 2023-12-28

Summary

ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.

Vulnerable Configurations

Part	Description	Count
OS	Etictelecom Etictelecom Remote Access Server Firmware 4.5.0 Etictelecom Remote Access Server Firmware 4.7.0	2
Hardware	Etictelecom Etictelecom RAS C 100 LW - Etictelecom RAS E 100 - Etictelecom RAS E 220 - Etictelecom RAS E 400 - Etictelecom RAS EC 220 LW - Etictelecom RAS EC 400 LW - Etictelecom RAS EC 480 LW - Etictelecom RAS ECW 220 LW - Etictelecom RAS ECW 400 LW - Etictelecom RAS EW 100 - Etictelecom RAS EW 220 - Etictelecom RAS EW 400 - Etictelecom RFM E -	13

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01