CVE-2019-25706

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.

Vulnerability Details

Published Date

April 12, 2026

Last Modified

April 13, 2026

CWE ID

CWE-538

Source

NVD

Vendor

Across

Product

DR-810

External References

http://www.ac.i8i.ir/
https://www.exploit-db.com/exploits/46132
https://www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosure

CVE-2019-25706

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment