CVE-2024-26153
CVSS 3.1 Score 7.4 of 10 (high)
Details
Published Jan 17, 2025
CWE ID 352
Summary
CVE-2024-26153 is a cross-site request forgery (CSRF) vulnerability affecting all versions of ETIC Telecom Remote Access Server (RAS) before 4.9.19. An external attacker can exploit this flaw by forcing an end user to submit a malicious "setconf" method request. Because this request does not require a CSRF token, the attacker can cause a denial of service on the device. Successful exploitation can disrupt services, so users should update their RAS software to the latest version to mitigate this risk.