GCVE - cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:etictelecom:ras-ew-220:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Etictelecom (`7fab253d-0f30-54bf-bf41-9c0e5964106a`)
Product	Ras Ew 220 (`ea4190f4-df59-54f0-9b01-fe27e3ff70bc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-3453`	not_vulnerable	2026-06-03 14:52:40.898756	ETIC Telecom Insecure Default Initialization of Resource HIGH (7.1) ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. Published: 2023-08-23T21:14:17.553Z Updated: 2024-09-30T19:13:47.408Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-41607`	not_vulnerable	2026-06-03 14:48:05.598211	ETIC Telecom Remote Access Server Path Traversal MEDIUM (6.2) All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. Published: 2022-11-10T21:31:26.863Z Updated: 2024-10-15T17:13:11.103Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40981`	not_vulnerable	2026-06-03 14:48:03.880984	ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type MEDIUM (5.9) All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. Published: 2022-11-10T21:31:47.402Z Updated: 2024-09-16T23:40:42.388Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3703`	not_vulnerable	2026-06-03 14:47:58.924777	ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity HIGH (7.6) All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device. Published: 2022-11-10T21:32:01.836Z Updated: 2025-04-16T17:43:14.326Z Open on db.gcve.eu Reference links https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.