CVE-2019-25706

High · Public PoC

Published: 12 April 2026

Modified: 13 April 2026
KEV Added:
Patch:
CVSS v4 Score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0053 (40.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2019-25706 is a high-severity Insertion of Sensitive Information into Externally-Accessible File or Directory (CWE-538) vulnerability in I8I (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE ranks at the 40.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-22 (Publicly Accessible Content).

Deeper analysis

CVE-2019-25706 is an unauthenticated file disclosure vulnerability in the Across DR-810 router. It allows remote attackers to download the rom-0 backup file, which contains sensitive information including router passwords and other configuration data, by sending a simple GET request to the rom-0 endpoint without any authentication. The vulnerability is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory).

Remote attackers with network access to the affected router can exploit this vulnerability without privileges or user interaction. By accessing the rom-0 endpoint via a GET request, they can retrieve the backup file, decompress it, and extract sensitive data such as passwords and configuration details, potentially enabling further network compromise or lateral movement.

Advisories and references document the issue, including the VulnCheck advisory on the Across DR-810 rom-0 unauthenticated file disclosure and an Exploit-DB entry (exploit 46132); the latter provides a proof-of-concept exploit. Additional details are available at http://www.ac.i8i.ir/. No specific patch or mitigation details are outlined in the provided information.

Vulnerability details

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1602.002 Network Device Configuration Dump (Collection)
Adversaries may access network configuration files to collect sensitive data about the device and the network.

Why these techniques?

Direct unauthenticated disclosure of rom-0 backup file containing router passwords (credentials in files) and configuration data (network device config dump).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23838 · Shared CWE-538
CVE-2026-27173 · Shared CWE-538
CVE-2023-54346 · Shared CWE-538
CVE-2016-20024 · Shared CWE-538
CVE-2020-37104 · Shared CWE-538
CVE-2026-21672 · Shared CWE-538
CVE-2026-49298 · Shared CWE-538
CVE-2025-12059 · Shared CWE-538
CVE-2025-11079 · Shared CWE-538

Affected Assets

I8I
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly prohibits permitting unauthenticated access to sensitive functions like the rom-0 endpoint that discloses backup files containing passwords and configuration data.

Prevent: Requires restrictions on access to publicly accessible content, preventing exposure of sensitive router backup files via unauthenticated GET requests.

Prevent: Enforces protections against unauthorized information disclosure through public interfaces, mitigating the unauthenticated download of sensitive rom-0 backup files.
