CVE-2016-1561

HIGH

ExaGrid <4.8 P26 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-1561. PoCs published by Metasploit, egypt, including Metasploit module exploits/linux/ssh/exagrid_known_privkey.

AI-analyzed exploit summary This Metasploit module exploits CVE-2016-1561 by leveraging a hardcoded SSH private key and default password ('inflection') to gain root access on ExaGrid backup appliances. It attempts authentication via both the private key and password, then spawns an interactive shell upon successful login.

Description

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/41680

View Code ZIP pw:eip

This Metasploit module exploits CVE-2016-1561 by leveraging a hardcoded SSH private key and default password ('inflection') to gain root access on ExaGrid backup appliances. It attempts authentication via both the private key and password, then spawns an interactive shell upon successful login.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ExaGrid backup appliances (multiple versions)

No auth needed

Prerequisites: Network access to the target's SSH port (22) · ExaGrid appliance with default credentials or hardcoded SSH key

MITRE ATT&CK

T1078.001 - Default Accounts T1078.004 - Cloud Accounts T1550.003 - Pass the Ticket

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by egypt · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/exagrid_known_privkey.rb

View Code ZIP pw:eip

This Metasploit module exploits ExaGrid backup appliances by leveraging a known SSH private key or default password ('inflection') for root authentication, enabling unauthorized remote access.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ExaGrid backup appliances

No auth needed

Prerequisites: Network access to the target SSH port (22)

MITRE ATT&CK

T1021.004 - SSH

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html

Exploit, Mitigation, Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials

Third Party Advisory x_refsource_misc

http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey

Scores

CVSS v3 7.5

EPSS 0.7426

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (8)

exagrid/ex10000e_firmware 4.8

exagrid/ex13000e_firmware 4.8

exagrid/ex21000e_firmware 4.8

exagrid/ex3000_firmware 4.8

exagrid/ex32000e_firmware 4.8

exagrid/ex40000e_firmware 4.8

exagrid/ex5000_firmware 4.8

exagrid/ex7000_firmware 4.8

Published Apr 21, 2017

Tracked Since Feb 18, 2026