BrianWGray

4 exploits Active since Aug 2018
CVE-2018-16158 WRITEUP CRITICAL WORKING POC
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVSS 9.8
CVE-2016-11017 EXPLOITDB CRITICAL text WORKING POC
AKIPS Network Monitor 15.37-16.5 - Unauthenticated OS Command Injection via Username Parameter
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
CVSS 9.8
CVE-2018-16158 METASPLOIT CRITICAL ruby WORKING POC
Eaton Power Xpert Meter 4000, 6000, and 8000 Firmware < 13.4.0.10 - Use of Hard-coded SSH Private Key
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
CVSS 9.8
EIP-2026-101259 EXPLOITDB ruby WORKING POC
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure