Cyber Posture

CVE-2024-26155

Medium

Published: 17 January 2025

Published
17 January 2025
Modified
30 July 2025
KEV Added
Patch
CVSS Score 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0005 15.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-26155 is a medium-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Etictelecom Remote Access Server Firmware. Its CVSS base score is 6.8 (Medium).

Operationally, ranked at the 15.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly requires identification, reporting, and correction of the specific flaw exposing cleartext credentials, including installation of the patch to ETIC RAS version 4.5.0 or later.

IA-5 Authenticator Management good match
prevent

Mandates protection of authenticator content from unauthorized disclosure and modification, preventing cleartext credentials from being embedded in the web portal's HTML source.

CM-6 Configuration Settings partial match
prevent

Requires establishment of secure configuration settings for the RAS web portal to avoid exposure of cleartext credentials in hidden HTML elements.

NVD Description

All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden,…

more

thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device.

Deeper analysisAI

CVE-2024-26155 is a vulnerability in all versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 that exposes cleartext credentials within the web portal. The HTML code containing these credentials is configured to be hidden, but an attacker can access the ETIC RAS web portal and view the source code to obtain them. This issue corresponds to CWE-319 (Cleartext Transmission of Sensitive Information) and has a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

An attacker with network access and high privileges can exploit this vulnerability by accessing the web portal, inspecting the hidden HTML code to retrieve the cleartext credentials, and then using them to connect to the ETIC RAS SSH server. Successful exploitation enables the attacker to perform actions on the device, resulting in high confidentiality impact with a changed scope due to the credential exposure.

The CISA advisory ICSA-22-307-01 provides details on this vulnerability, and mitigation involves upgrading to ETIC Telecom RAS version 4.5.0 or later, which addresses the exposure of credentials in the web portal.

Details

CWE(s)
CWE-319

Affected Products

etictelecom
remote access server firmware
≤ 4.5.0

CVEs Like This One

CVE-2024-26153Same product: Etictelecom Remote Access Server Firmware
CVE-2024-43187Shared CWE-319
CVE-2026-32309Shared CWE-319
CVE-2025-70048Shared CWE-319
CVE-2025-0556Shared CWE-319
CVE-2026-24455Shared CWE-319
CVE-2025-27594Shared CWE-319
CVE-2020-36914Shared CWE-319
CVE-2026-30795Shared CWE-319
CVE-2026-5119Shared CWE-319

References