CVE-2016-1560

CRITICAL

ExaGrid EX3000 Firmware - Use of Hard-coded Credentials

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-1560. PoCs published by egypt, including Metasploit module exploits/linux/ssh/exagrid_known_privkey.

AI-analyzed exploit summary This Metasploit module exploits CVE-2016-1560 and CVE-2016-1561 by leveraging a known SSH private key and default password ('inflection') to gain root access on ExaGrid backup appliances. It attempts authentication via both the hardcoded SSH key and the default password, providing an interactive shell upon successful login.

Description

ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.

Exploits (2)

metasploit WORKING POC EXCELLENT

by egypt · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/exagrid_known_privkey.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2016-1560 and CVE-2016-1561 by leveraging a known SSH private key and default password ('inflection') to gain root access on ExaGrid backup appliances. It attempts authentication via both the hardcoded SSH key and the default password, providing an interactive shell upon successful login.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ExaGrid backup appliances

No auth needed

Prerequisites: SSH service accessible on port 22 · Target system running ExaGrid software with unpatched credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Jun 05, 2026 Full analysis →

exploitdb WORKING POC

rubyremotelinux

https://www.exploit-db.com/exploits/41680

View Code ZIP pw:eip

This Metasploit module exploits CVE-2016-1560 and CVE-2016-1561 by leveraging a hardcoded SSH private key and default password ('inflection') to authenticate as root on ExaGrid backup appliances. It attempts both key-based and password-based authentication to gain remote command execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ExaGrid backup appliances

No auth needed

Prerequisites: Network access to the target SSH port (default 22) · ExaGrid appliance with default credentials or hardcoded SSH key

MITRE ATT&CK

T1078.001 - Default Accounts T1078.004 - Cloud Accounts T1021.004 - SSH

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html

Exploit, Mitigation, Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials

Third Party Advisory x_refsource_misc

http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

Scores

CVSS v3 9.8

EPSS 0.8167

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (8)

exagrid/ex10000e_firmware 4.8

exagrid/ex13000e_firmware 4.8

exagrid/ex21000e_firmware 4.8

exagrid/ex3000_firmware 4.8

exagrid/ex32000e_firmware 4.8

exagrid/ex40000e_firmware 4.8

exagrid/ex5000_firmware 4.8

exagrid/ex7000_firmware 4.8

Published Apr 21, 2017

Tracked Since Feb 18, 2026