# Exploit Title : ROM-0 Backup File Disclosure on DIGISOL # Date : 24-08-2017 # Exploit Author : Sudin nk # Vendor Homepage: http://www.digisol.com # Tested Routers : DG-BG1100N ADSL 2/2+ Modem Wifi Router # Tested on : Parrotsec x86_64 ROM-0 Backup File Disclosure on DIGISOL __________________________________________________________________________________________ ____________________________ A dangerous vulnerability present on many network devices which are using RomPager.The rom-0 file contains sensitive information such as the router password. There is a disclosure in which anyone can download that file without any authentication by a simple GET request. POC: > open the router IP address in your web browser, http://192.168.1.1 > Now add /rom-0 to your target address.Then a rom-0 file will be downloaded http://192.168.1.1/rom-0 > You can find the router password using rom-0 configuration decompressor. Here i used the website http://www.routerpwn.com/zynos/ for decompression.Once it decoded you can get plain text passwords Thank You. Regards, Sudin nk