{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/file-disclosure/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2019-25706"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2019-25706","file-disclosure","router","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Across DR-810 router contains an unauthenticated file disclosure vulnerability (CVE-2019-25706) that allows remote attackers to retrieve sensitive information. By sending a simple GET request to the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint, an attacker can download a backup file containing router passwords, configuration details, and potentially other sensitive data. This vulnerability exists because the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint does not require authentication, allowing anyone with network access to the router to retrieve the backup file. Successful exploitation leads to complete compromise of the device\u0026rsquo;s configuration and potential lateral movement within the network if credentials are reused. This vulnerability was published on 2026-04-12.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an Across DR-810 router exposed on the network.\u003c/li\u003e\n\u003cli\u003eAttacker crafts an HTTP GET request targeting the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe router responds with the \u003ccode\u003erom-0\u003c/code\u003e backup file without requiring authentication.\u003c/li\u003e\n\u003cli\u003eAttacker downloads the \u003ccode\u003erom-0\u003c/code\u003e backup file.\u003c/li\u003e\n\u003cli\u003eAttacker decompresses the downloaded \u003ccode\u003erom-0\u003c/code\u003e file, which is likely compressed to reduce size.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the decompressed file to extract sensitive information such as router passwords.\u003c/li\u003e\n\u003cli\u003eAttacker uses the extracted router passwords to gain administrative access to the router\u0026rsquo;s web interface.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to retrieve sensitive information, including router passwords and configuration data. This can lead to complete compromise of the affected router. An attacker can then modify router settings, intercept network traffic, or potentially use the compromised router as a pivot point to access other systems on the network. If the router passwords are reused across multiple systems, the impact could extend beyond the compromised router, affecting other devices and services.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for requests to the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint on Across DR-810 routers to detect potential exploitation attempts using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eInspect network traffic for unusual downloads from Across DR-810 routers, focusing on responses from the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eBlock access to the \u003ccode\u003e/rom-0\u003c/code\u003e endpoint on Across DR-810 routers via firewall rules to prevent unauthorized access.\u003c/li\u003e\n\u003cli\u003eReview the provided reference URLs for additional context and potential mitigation strategies.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-12T13:16:33Z","date_published":"2026-04-12T13:16:33Z","id":"/briefs/2026-04-across-dr810-file-disclosure/","summary":"Across DR-810 routers are vulnerable to unauthenticated file disclosure, allowing remote attackers to download the rom-0 backup file containing sensitive information, such as router passwords and configuration data, via a simple GET request to the rom-0 endpoint.","title":"Across DR-810 Unauthenticated File Disclosure Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-across-dr810-file-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — File-Disclosure","version":"https://jsonfeed.org/version/1.1"}