CVE-2019-12310
N/A
N/A
Summary
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exagrid.com/exagrid-products/resources/
- https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/
References
- https://exagrid.com/exagrid-products/resources/
- https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.