CVE-2024-26153 Information

Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, which does not require a CSRF token; this can lead to a denial of service on the device.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01
