iBall-Baton WRA150N File Disclosure

CVE Category Price Severity
CVE-2016-10792 CWE-22 $500 Critical
Author Risk Exploitation Type Date
Jay Turla High Remote 2021-01-08
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 0.00676 0.33075

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

iBall-Baton WRA150N File Disclosure
# Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
# Date: 07/01/2021
# Exploit Author: h4cks1n
# Vendor Homepage:
# Version: iBall-Baton WRA150N
#Tested on : Windows 7/8/8.1/10, Parrot Linux OS

# The iBall-Baton router version WRA150N is vulnerable to the Rom-0
Extraction exploit.

The rom-0 is a file which contains the ADSL Login credentials.

In the case of this router the access to this file is unusually not

The file can be accessed by following methods:

Method 1 : Type the WiFi IP address in the browser followed by /rom-0 (For
example - The rom-0 file will be downloaded. The file
is obfuscated,however.It needs to be deobfuscated using online decryptors

#Online Rom-0 decryptor -
#Offline Rom-0 decryptor -

Method 2: (Linux)
This full process can be automated by using threat 9's routersploit

Routersploit Download-

Download and run routersploit and use router/multi/rom-0  module

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum