EUVD-2019-3947

Malware in sbrugna...

ExaGrid appliances path traversal vulnerability

ExaGrid appliances is a disk backup application. A path traversal vulnerability exists in ExaGrid appliances using firmware version 4.8.1.1044.P50. The vulnerability stems from the failure of a networked system or product to properly filter for special elements in a resource or file path. An...

CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

Design/Logic Flaw

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

CVE-2016-1560

ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. Recent assessments: h00die at March 24, 202...