Platform: linux
Component: across-dr810
Fixed in: 0.0.1
CVE-2019-25706 describes an unauthenticated file disclosure vulnerability present in Across DR-810 routers. This vulnerability allows attackers to retrieve the 'rom-0' backup file, potentially exposing sensitive information such as router passwords and configuration details. The vulnerability affects versions 0.0.0–ROM-0, and a direct patch is not currently available.
The primary impact of CVE-2019-25706 is the unauthorized exposure of sensitive router configuration data. Attackers can exploit this vulnerability by sending a simple GET request to the /rom-0 endpoint, bypassing authentication mechanisms. The retrieved backup file contains critical information, including router passwords, network settings, and potentially other sensitive credentials. Successful exploitation could lead to complete compromise of the router, enabling attackers to modify configurations, intercept network traffic, or use the router as a pivot point for further attacks within the network. The ease of exploitation, requiring only a simple HTTP request, significantly increases the potential for widespread compromise.
CVE-2019-25706 was published on 2026-04-12. Public proof-of-concept exploits are likely available given the simplicity of the attack. The vulnerability's ease of exploitation suggests a potential for active campaigns targeting vulnerable DR-810 routers. It is not currently listed in the CISA KEV catalog, but its simplicity and potential impact warrant close monitoring.
Exploit Status
EPSS: 0.14% (35% percentile)
Due to the absence of a direct patch for CVE-2019-25706, mitigation strategies focus on restricting access to the vulnerable endpoint. The most effective approach is to implement firewall rules or access control lists (ACLs) to block external access to the /rom-0 endpoint. Consider using a Web Application Firewall (WAF) to filter requests and prevent unauthorized access. Network segmentation can also limit the potential impact by isolating the DR-810 router from critical network resources. Regularly review router configurations and monitor network traffic for suspicious activity. Since a direct fix is unavailable, continuous monitoring is crucial.
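The monitoring step above can be run over existing access logs. The following is an added example, not code from the advisory or the vendor: it flags requests for /rom-0 that arrive from outside a management subnet and marks the ones where the backup was actually returned. The combined log format, the 192.0.2.0/28 management range and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: combined-format access log from a proxy/WAF in front of the router.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumption: hypothetical management subnet that is allowed to pull backups.
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def normalize_path(target):
    """Strip the query, percent-decode and collapse slashes so variants still match."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path).rstrip("/").lower()  # case-folded to be conservative
    return path or "/"

def rom0_hits(lines):
    """Return one finding per /rom-0 request that came from outside MGMT_NETS."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != "/rom-0":
            continue
        try:
            internal = any(ipaddress.ip_address(m["src"]) in n for n in MGMT_NETS)
        except ValueError:
            internal = False  # hostname in the client field: treat as untrusted
        if internal:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({
            "src": m["src"], "time": m["ts"], "status": status, "bytes": size,
            # A 2xx with a body means the backup left the device: rotate credentials.
            "disclosed": 200 <= status < 300 and size > 0,
        })
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/Apr/2026:10:01:02 +0000] "GET /rom-0 HTTP/1.1" 200 16384 "-" "-"',
    '192.0.2.5 - - [12/Apr/2026:10:02:00 +0000] "GET /rom-0 HTTP/1.1" 200 16384 "-" "-"',
    '198.51.100.9 - - [12/Apr/2026:10:03:10 +0000] "GET //%72om-0?x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [12/Apr/2026:10:03:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for finding in rom0_hits(SAMPLE):
        print(finding)
```

A finding with "disclosed" set to true should be handled as a credential exposure; a blocked attempt (for example a 403 from the WAF) shows that the access restriction is working and who is probing.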
Update the Across DR-810 router firmware to the latest version available from the manufacturer. Verify the official Across website for updates and installation instructions. Disable or restrict access to the 'rom-0' endpoint if it is not required.
CVE-2019-25706 is a vulnerability allowing unauthorized download of the 'rom-0' backup file from Across DR-810 routers, potentially exposing sensitive configuration data.
If you are using Across DR-810 routers with versions 0.0.0–ROM-0 and have not implemented access restrictions to the /rom-0 endpoint, you are potentially affected.
A direct patch is not available. Mitigation involves restricting access to the /rom-0 endpoint using firewall rules, ACLs, or a WAF.
Due to the vulnerability's simplicity, active exploitation is likely, though confirmation is not publicly available at this time.
Please refer to the NVD entry for CVE-2019-25706 for the latest information and any available vendor advisories.