Vulners
Lucene search
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
# Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
# Date: 07/01/2021
# Exploit Author: h4cks1n
# Vendor Homepage: iball.co.in
# Version: iBall-Baton WRA150N
#Tested on : Windows 7/8/8.1/10, Parrot Linux OS
# The iBall-Baton router version WRA150N is vulnerable to the Rom-0
Extraction exploit.
The rom-0 is a file which contains the ADSL Login credentials.
In the case of this router the access to this file is unusually not
encrypted.
The file can be accessed by following methods:
Method 1 : Type the WiFi IP address in the browser followed by /rom-0 (For
example - 192.168.1.1/rom-0). The rom-0 file will be downloaded. The file
is obfuscated,however.It needs to be deobfuscated using online decryptors
#Online Rom-0 decryptor - http://www.routerpwn.com/zynos/
#Offline Rom-0 decryptor - https://github.com/rootkick/Rom-0-Decoder
Method 2: (Linux)
This full process can be automated by using threat 9's routersploit
Routersploit Download- https://github.com/threat9/routersploit
Download and run routersploit and use router/multi/rom-0 moduleData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Jan 2021 00:00Current
7.4High risk
Vulners AI Score7.4