Description
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64-encoded 'support' credentials, leading to administrative access to the device.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://exagrid.com/exagrid-products/resources/
Exploit, Third Party Advisory x_refsource_misc
https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/
Scores
CVSS v3
9.8
EPSS
0.0325
EPSS Percentile
86.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
exagrid/backup_appliance_firmware
48.1.1044.p50
Published
Jun 03, 2019
Tracked Since
Feb 18, 2026