← back
CVE-2019-12310

CVE-2019-12310

EPSS 3.3%
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exagrid.com/exagrid-products/resources/https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/