Egypt

**Name of the Vulnerable Software and Affected Versions** ExaGrid appliances versions prior to 4.8 P26 **Description** The issue allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image, due to a default SSH public key in the authorized keys file for root. **Recommendations** For versions prior to 4.8 P26, update the firmware to version 4.8 P26 or later to resolve the issue. As a temporary workaround, consider removing the default SSH public key from the authorized keys file for root to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** ExaGrid appliances with firmware before 4.8 P26 **Description** The issue is related to the use of default credentials in ExaGrid backup devices' firmware. Exploitation of this issue may allow a remote attacker to gain root access to the device using the default password 'inflection' for the root account via SSH or HTTP protocols. This could potentially allow administrative access to the device. **Recommendations** For ExaGrid appliances with firmware before 4.8 P26, update the firmware to version 4.8 P26 or later to change the default password for the root shell account and remove support for the default support account in the web interface. As a temporary workaround, consider changing the default password for the root account and disabling the support account in the web interface until a firmware update can be applied.