← back
CVE-2019-25706

Across DR-810 ROM-0 Unauthenticated File Disclosure

CVSS 8.7 HIGHEPSS 0.5%CWE-538
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Across · DR-810
public PoCs found1
cve_referencewww.exploit-db.com/exploits/46132unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/46132https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosurehttp://www.ac.i8i.ir/