ExaGrid Appliance Firmware v4.8.1.1044.P50 Directory Traversal Vulnerability

CVE-2019-12310 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.

Learn more about our Web Application Penetration Testing UK.