VYPR
Vendor: ExaGrid

Products: 8
CVEs: 6
Across products: 16
Status: Private

Recent CVEs: 6

  • CVE-2016-1560 | Critical | Apr 21, 2017
    risk 0.72 | cvss 9.8 | epss 0.72

    ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.

  • CVE-2016-1561 | High | Apr 21, 2017
    risk 0.58 | cvss 7.5 | epss 0.74

    ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.

  • CVE-2025-29556 | High | Jul 31, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation…

  • CVE-2025-29557 | Medium | Jul 31, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.

  • CVE-2025-47184 | Medium | Aug 21, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    An XML external entity (XXE) injection vulnerability in the /init API endpoint in ExaGrid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message.

  • CVE-2019-12310 | Jun 3, 2019
    risk 0.00 | cvss | epss 0.03

    ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time…