📄 Description (English)
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
🤖 AI Executive Summary
CVE-2019-25706 is a critical unauthenticated file disclosure vulnerability in Across DR-810 devices that allows remote attackers to download sensitive backup files (rom-0) containing router passwords and configuration data via simple GET requests. With no authentication required and no patch available, this vulnerability poses an immediate risk to organizations using these devices. The vulnerability enables complete compromise of network infrastructure security through exposure of administrative credentials.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 01:21
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability critically impacts Saudi telecommunications providers (STC, Mobily, Zain), government agencies (NCA, CITC), and banking institutions that may use Across DR-810 devices for network infrastructure. Exposure of router credentials enables lateral movement within critical infrastructure networks, potentially compromising SAMA-regulated financial systems, government networks, and telecom backbone infrastructure. Energy sector organizations (ARAMCO, SEC) and healthcare providers using these devices face direct risk of operational technology compromise. The lack of authentication requirement makes this vulnerability exploitable from the internet without insider access.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Government (NCA, CITC, Ministry of Interior)
Banking and Financial Services (SAMA-regulated institutions)
Energy (ARAMCO, SEC)
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Across DR-810 devices in your network using network scanning tools (nmap, Shodan queries for 'Across DR-810')
2. Isolate affected devices from internet-facing networks immediately
3. Implement network segmentation to restrict access to DR-810 management interfaces
4. Change all router administrative credentials immediately
5. Review backup files and configuration exports for unauthorized access
COMPENSATING CONTROLS (no patch available):
6. Deploy WAF/IPS rules to block GET requests to /rom-0 endpoint
7. Implement strict firewall rules allowing access only from authorized management networks
8. Enable comprehensive logging and monitoring of all access attempts to device management interfaces
9. Deploy network-based intrusion detection signatures for rom-0 file access attempts
10. Consider replacement with patched alternative devices from vendors with active security support
DETECTION RULES:
- Monitor for GET requests to /rom-0 or backup file endpoints
- Alert on any unauthenticated access to device management interfaces
- Track successful file downloads from network devices
- Monitor for decompression of .rom or backup file formats
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Across DR-810 في شبكتك باستخدام أدوات المسح (nmap، استعلامات Shodan)
2. عزل الأجهزة المتأثرة عن الشبكات المتصلة بالإنترنت فوراً
3. تنفيذ تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة DR-810
4. تغيير جميع بيانات اعتماد المسؤول للموجه فوراً
5. مراجعة ملفات النسخ الاحتياطية والتصديرات للوصول غير المصرح به
الضوابط البديلة (لا يوجد تصحيح متاح):
6. نشر قواعد WAF/IPS لحظر طلبات GET إلى نقطة نهاية /rom-0
7. تنفيذ قواعد جدار الحماية الصارمة للسماح بالوصول من شبكات الإدارة المصرح بها فقط
8. تفعيل السجلات الشاملة ومراقبة جميع محاولات الوصول إلى واجهات إدارة الجهاز
9. نشر توقيعات كشف التسلل القائمة على الشبكة لمحاولات الوصول إلى ملف rom-0
10. النظر في استبدال الأجهزة بأجهزة بديلة معدلة من البائعين الذين يتمتعون بدعم أمان نشط
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.6.1.1 - Information Security Policies and Procedures
ECC 2024 A.6.2.1 - Access Control and Authentication
ECC 2024 A.6.3.1 - Cryptography and Data Protection
ECC 2024 A.6.4.1 - Network Security and Segmentation
ECC 2024 A.6.5.1 - Incident Detection and Response
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Hardware and Software Inventory
SAMA CSF PR.AC-1 - Access Control and Authentication
SAMA CSF PR.DS-1 - Data Security and Encryption
SAMA CSF DE.CM-1 - Detection and Monitoring
SAMA CSF RS.MI-1 - Incident Response and Mitigation
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.5.16 - Authentication
ISO 27001:2022 A.8.3 - Cryptography
ISO 27001:2022 A.8.22 - Monitoring
ISO 27001:2022 A.8.24 - Event Logging
🟣 PCI DSS v4.0.1
PCI DSS 1.2.1 - Firewall Configuration Standards
PCI DSS 2.1 - Default Passwords and Security Parameters
PCI DSS 6.2 - Security Patches and Updates
PCI DSS 10.2 - User Access Logging