EIP-2026-101916

PRE-CVE

Pirelli Discus DRG A125g - Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101916. PoCs published by Sebastián Magof.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in Pirelli Discus ADSL DRG A125g routers by fetching the wansinglecfg.cmd file, which leaks the admin credentials in plaintext. The script uses LWP::UserAgent to send an HTTP GET request and extracts the username and password via regex.

Description

Pirelli Discus DRG A125g - Password Disclosure

Exploits (1)

exploitdb WORKING POC

by Sebastián Magof · perlwebappshardware

https://www.exploit-db.com/exploits/29262

View Code ZIP pw:eip

This Perl script exploits an information disclosure vulnerability in Pirelli Discus ADSL DRG A125g routers by fetching the wansinglecfg.cmd file, which leaks the admin credentials in plaintext. The script uses LWP::UserAgent to send an HTTP GET request and extracts the username and password via regex.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pirelli Discus ADSL DRG A125g

No auth needed

Prerequisites: Network access to the router's web interface · Default or known gateway IP

MITRE ATT&CK

T1592 - Gather Victim Host Information T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026