CVE-2024-26153

Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions prior to 4.9.19

Description: The issue allows an external attacker with no access to the device to force the end user into submitting a "setconf" method request, which can lead to denial of service on the device. This is achieved through cross-site request forgery (CSRF), where no CSRF token is required.

Recommendations: For versions prior to 4.9.19, update to version 4.9.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the setconf method to minimize the risk of exploitation.