High severity7.5NVD Advisory· Published Apr 12, 2026· Updated Apr 13, 2026

CVE-2019-25706

Description

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ac.i8i.irnvd
www.exploit-db.com/exploits/46132nvd
www.vulncheck.com/advisories/across-dr-810-rom-0-unauthenticated-file-disclosurenvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000