CVE-2019-25706

HIGH

Across DR-810 ROM-0 Unauthenticated File Disclosure

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25706. PoCs published by SajjadBnd.

AI-analyzed exploit summary: The exploit demonstrates an unauthenticated file disclosure vulnerability in Across DR-810 ROM-0 Backup, allowing attackers to download sensitive information (e.g., router passwords) via a simple GET request to `/rom-0`.

Description

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.

Exploits (1)

exploitdb WORKING POC
by SajjadBnd · text · webapps · hardware
https://www.exploit-db.com/exploits/46132

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Across DR-810 ROM-0 Backup
No auth needed
Prerequisites: network access to the target device
devstral-2 · analyzed Apr 12, 2026

References (3)

Core References (3)
Exploit: ExploitDB-46132
https://www.exploit-db.com/exploits/46132
Product: Official Product Homepage
http://www.ac.i8i.ir/
Third Party Advisory: VulnCheck Advisory: Across DR-810 ROM-0 Unauthenticated File Disclosure
https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosure

Scores

CVSS v3 7.5
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-538
Status published
Products (1)
Across/DR-810 ROM-0
Published Apr 12, 2026
Tracked Since Apr 12, 2026