Today, Rapid7 is disclosing a vulnerability discovered by James “egyp7” Lee of Rapid7 that affects ExaGrid storage devices running firmware prior to version 4.8 P26. James discovered that an attacker can exploit these issues with common client tools: an SSH terminal client and a web browser. All that is needed are the default credentials and the ability to connect to the device over a network.
Since Rapid7 alerted ExaGrid to these vulnerabilities, the issues have been fixed. A statement from Bill Andrews, CEO of ExaGrid, about the disclosure is below:
“ExaGrid prides itself on meeting customer requirements,” said Bill Andrews, CEO of ExaGrid. “Security is without question a top priority, and we take any such issues very seriously. When we were informed by Rapid7 of a potential security weakness, we addressed it immediately. We value Rapid7’s involvement in identifying security risks since strong security will always be a key customer requirement.”
For your reference, more information about this disclosure can be found here: https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials