Across DR-810 Unauthenticated File Disclosure Vulnerability

Vulnerability

A file disclosure vulnerability has been identified in the Across DR-810 application, specifically within the RomPager UPnP implementation. This vulnerability allows remote attackers to download the 'rom-0' backup file, which contains sensitive information such as router passwords and other configuration data. The issue arises because the 'rom-0' endpoint is accessible without authentication: an attacker can retrieve the backup file with a simple GET request and then decompress it.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive information, including router passwords and configuration data, which could be misused to compromise the affected device or network.

Reproduction

To reproduce this vulnerability, send a GET request to the '/rom-0' endpoint of the affected device. The 'rom-0' backup file will be downloaded automatically. Once downloaded, the file can be decompressed to reveal the stored passwords and sensitive configuration information.
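For auditing devices you administer, the check below (an added example, not part of the original advisory) requests '/rom-0' without credentials and classifies the response; it reads only the first 64 bytes and neither saves nor decompresses the body. The verdict names and the heuristic that treats an HTML or empty 200 response as a catch-all page are assumptions of this example.

```python
import http.client
import sys
import urllib.error
import urllib.request

ROM0_PATH = "/rom-0"  # endpoint named in the advisory


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError instead of following it


def classify(status, content_type, body_prefix):
    """Map one unauthenticated response for /rom-0 to a verdict (assumed names)."""
    if status in (401, 403) or 300 <= status < 400:
        return "protected"      # credentials demanded, or redirect (e.g. to a login page)
    if status == 404:
        return "absent"
    if status != 200:
        return "inconclusive"
    ctype = (content_type or "").lower()
    looks_html = "html" in ctype or body_prefix.lstrip()[:1] == b"<"
    if not body_prefix or looks_html:
        return "inconclusive"   # some devices answer 200 with an HTML page for any path
    return "exposed"            # non-HTML data served without authentication


def check_host(base_url, timeout=5):
    """Send one GET for /rom-0 with no credentials and no proxy; return a verdict."""
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    url = base_url.rstrip("/") + ROM0_PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type")
            return classify(resp.status, ctype, resp.read(64))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Content-Type"), b"")
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return "unreachable"


if __name__ == "__main__":
    # Usage: python check_rom0.py http://<device-address> [...]
    for target in sys.argv[1:]:
        print(target, check_host(target))
```

An "exposed" verdict means the management interface should be removed from untrusted networks until the device can be fixed or replaced; "inconclusive" calls for a manual look at what the device returned.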

Added: Apr 12, 2026, 1:22 PM
Updated: Apr 12, 2026, 1:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 5.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.