Search criteria
2 vulnerabilities found for ex13000e by exagrid
VAR-201704-0308
Vulnerability from variot - Updated: 2025-04-20 23:32ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. ExaGrid is prone to multiple unauthorized-access vulnerabilities. Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0308",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex10000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex13000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex21000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex3000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex32000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex40000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex5000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex7000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:exagrid:ex10000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex13000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex21000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex32000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex40000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex7000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "egypt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1560",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90379",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1560",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1560",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1560",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-168",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90379",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1560",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session. ExaGrid is prone to multiple unauthorized-access vulnerabilities. \nSuccessfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90379",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41680",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1560",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "136634",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168",
"trust": 0.7
},
{
"db": "BID",
"id": "86020",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "41680",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1560",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"id": "VAR-201704-0308",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:32:59.860000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.exagrid.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/136634/exagrid-known-ssh-key-default-password.html"
},
{
"trust": 1.9,
"url": "http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey"
},
{
"trust": 1.8,
"url": "https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1560"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86020"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41680/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90379"
},
{
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90379"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"date": "2016-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"date": "2017-04-21T20:59:00.447000",
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90379"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1560"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008502"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-168"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-1560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid Vulnerabilities that can gain management access in appliance firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008502"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-168"
}
],
"trust": 0.6
}
}
VAR-201704-0309
Vulnerability from variot - Updated: 2025-04-20 23:32ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. ExaGrid is prone to multiple unauthorized-access vulnerabilities. Successfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ex10000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex13000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex21000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex3000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex32000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex40000e",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex5000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
},
{
"model": "ex7000",
"scope": "eq",
"trust": 2.4,
"vendor": "exagrid",
"version": "4.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:exagrid:ex10000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex13000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex21000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex32000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex40000e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:exagrid:ex7000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "egypt",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90380",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1561",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1561",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1561",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90380",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1561",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. ExaGrid is prone to multiple unauthorized-access vulnerabilities. \nSuccessfully exploiting these issues may allow an attacker to gain unauthorized access, obtain sensitive information and perform unauthorized actions; This may lead to other attacks. ExaGrid is a backup and recovery storage device based on the Linux platform of ExaGrid Company of the United States that provides deduplication function. ExaGrid appliances using firmware versions prior to 4.8 P26 have a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90380",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41680",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1561",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "136634",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169",
"trust": 0.7
},
{
"db": "BID",
"id": "86020",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "41680",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-90380",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1561",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"id": "VAR-201704-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:32:59.825000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.exagrid.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/136634/exagrid-known-ssh-key-default-password.html"
},
{
"trust": 1.9,
"url": "http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey"
},
{
"trust": 1.8,
"url": "https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86020"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41680/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90380"
},
{
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"db": "BID",
"id": "86020"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90380"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"date": "2016-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"date": "2017-04-21T20:59:00.477000",
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90380"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1561"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "86020"
},
{
"date": "2017-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008503"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-169"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-1561"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ExaGrid In the appliance firmware SSH Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008503"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-169"
}
],
"trust": 0.6
}
}