Cyber Resilience

CVE-2024-26155

Medium

Published: 17 January 2025

Published
17 January 2025
Modified
30 July 2025
KEV Added
Patch
CVSS Score v4 6.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 21.3th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-26155 is a medium-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Etictelecom Remote Access Server Firmware. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 21.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-26155 is a vulnerability in all versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 that exposes cleartext credentials within the web portal. The HTML code containing these credentials is configured to be hidden, but an attacker can access the ETIC RAS web portal and view the source code to obtain them. This issue corresponds to CWE-319 (Cleartext Transmission of Sensitive Information) and has a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

An attacker with network access and high privileges can exploit this vulnerability by accessing the web portal, inspecting the hidden HTML code to retrieve the cleartext credentials, and then using them to connect to the ETIC RAS SSH server. Successful exploitation enables the attacker to perform actions on the device, resulting in high confidentiality impact with a changed scope due to the credential exposure.

The CISA advisory ICSA-22-307-01 provides details on this vulnerability, and mitigation involves upgrading to ETIC Telecom RAS version 4.5.0 or later, which addresses the exposure of credentials in the web portal.

EU & UK References

Vulnerability details

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden,…

more

thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1021.004 SSH Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
Why these techniques?

Vulnerability directly exposes cleartext credentials in served HTML (enables T1552.001); retrieved credentials then allow SSH access (facilitates T1021.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-26153Same product: Etictelecom Remote Access Server Firmware
CVE-2024-5462Shared CWE-319
CVE-2026-23661Shared CWE-319
CVE-2025-13718Shared CWE-319
CVE-2025-2861Shared CWE-319
CVE-2020-36917Shared CWE-319
CVE-2024-36558Shared CWE-319
CVE-2026-24212Shared CWE-319
CVE-2025-70048Shared CWE-319
CVE-2024-44276Shared CWE-319

Affected Assets

etictelecom
remote access server firmware
≤ 4.5.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of the specific flaw exposing cleartext credentials, including installation of the patch to ETIC RAS version 4.5.0 or later.

prevent

Mandates protection of authenticator content from unauthorized disclosure and modification, preventing cleartext credentials from being embedded in the web portal's HTML source.

prevent

Requires establishment of secure configuration settings for the RAS web portal to avoid exposure of cleartext credentials in hidden HTML elements.

References