EIP-2026-101527

PRE-CVE

ARRIS DG860A - NVRAM Backup Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101527. PoCs published by Justin Oberdorf.

AI-analyzed exploit summary This Ruby script exploits an information leak vulnerability in ARRIS DG860A routers by downloading and decrypting the 'router.data' backup file, which contains plaintext credentials. The script uses XOR-based obfuscation to decompress the backup file.

Description

ARRIS DG860A - NVRAM Backup Password Disclosure

Exploits (1)

exploitdb WORKING POC

by Justin Oberdorf · rubywebappshardware

https://www.exploit-db.com/exploits/29131

View Code ZIP pw:eip

This Ruby script exploits an information leak vulnerability in ARRIS DG860A routers by downloading and decrypting the 'router.data' backup file, which contains plaintext credentials. The script uses XOR-based obfuscation to decompress the backup file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ARRIS DG860A firmware (version unspecified)

No auth needed

Prerequisites: Network access to the vulnerable router · Router backup file accessible at http://<router_ip>/router.data

MITRE ATT&CK

T1592 - Gather Victim Host Information T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026