Two vulnerabilities exist in version 7.20 of the grafana component of the Netnifty BI product: file reading and default password.

The default password is：admin/admin

Verification Screenshot

Login page Prompted to change the password, here proves that the default password of grafana component is the above given: admin/admin.Click the skip button here to skip the default password change Successful login

This is magically modified from the payload of grafana's file reading vulnerability (CVE-2021-43798).

payload

/monitor/public/plugins/text/#/../../../../../../../../../../etc/passwd

Verification Screenshot