Vendor: iBall-Baton WRA150N
By: h4cks1n
CVSS: 4.3 (MEDIUM)
Rom-0 Exploit
CWE: N/A
Product Name: iBall-Baton WRA150N
Affected Version From: iBall-Baton WRA150N
Affected Version To: iBall-Baton WRA150N
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7/8/8.1/10, Parrot Linux OS
2021

iBall-Baton WRA150N Rom-0 Backup – File Disclosure (Sensitive Information)

The iBall-Baton WRA150N router is vulnerable to the Rom-0 exploit. rom-0 is a file that contains the ADSL login credentials. On this router, access to the file is, unusually, not encrypted. The file can be retrieved by typing the router's WiFi IP address in a browser followed by /rom-0 (for example, 192.168.1.1/rom-0); the rom-0 file is then downloaded. The file is obfuscated, however, and needs to be deobfuscated using an online decryptor or with threat9's routersploit and its router/multi/rom-0 module.

Mitigation:

Encrypt the rom-0 file and restrict access to it.
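
To confirm that access is restricted on a router you administer, the following added example (not part of the original advisory or of any tool it names) requests /rom-0 without credentials and reports whether the file is served. The function names and the `classify` heuristic are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request

ROM0_PATH = "/rom-0"  # path named in the advisory


def classify(status, content_type, body):
    """Classify an unauthenticated response to GET /rom-0.

    Heuristic (an assumption of this example): a 200 response with a
    non-empty, non-HTML body means the backup itself was served; an HTML
    page is treated as a login or error page.
    """
    if status != 200 or not body:
        return "restricted"
    if "html" in content_type.lower() or body.lstrip()[:1] == b"<":
        return "restricted"
    return "exposed"


def check_rom0(base_url, timeout=5.0):
    """Request /rom-0 from one router you administer, sending no credentials.

    Only the first 64 bytes are read, and they are neither saved nor decoded.
    """
    # Talk to the LAN device directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url.rstrip("/") + ROM0_PATH, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type", "")
            return classify(resp.status, ctype, resp.read(64))
    except urllib.error.HTTPError as err:
        # 401/403/404 and similar: the file is not handed to anonymous clients.
        return classify(err.code, "", b"")
    except (urllib.error.URLError, OSError):
        return "unreachable"


if __name__ == "__main__":
    # Usage: python check_rom0.py http://192.168.1.1
    result = check_rom0(sys.argv[1])
    print(f"{sys.argv[1]}{ROM0_PATH}: {result}")
    sys.exit(1 if result == "exposed" else 0)
```

An "exposed" result means the backup, and with it the ADSL credentials, is readable by any client on the network; rotate those credentials after restricting access.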

Exploit-DB raw data:

# Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
# Date: 07/01/2021
# Exploit Author: h4cks1n
# Vendor Homepage: iball.co.in
# Version: iBall-Baton WRA150N
# Tested on: Windows 7/8/8.1/10, Parrot Linux OS


# The iBall-Baton router version WRA150N is vulnerable to the Rom-0 Extraction exploit.

The rom-0 is a file which contains the ADSL Login credentials.

In the case of this router the access to this file is unusually not
encrypted.

The file can be accessed by following methods:


Method 1: Type the WiFi IP address in the browser followed by /rom-0 (for
example, 192.168.1.1/rom-0). The rom-0 file will be downloaded. The file
is obfuscated, however. It needs to be deobfuscated using online decryptors.

#Online Rom-0 decryptor - http://www.routerpwn.com/zynos/
#Offline Rom-0 decryptor - https://github.com/rootkick/Rom-0-Decoder

Method 2: (Linux)
This full process can be automated by using threat9's routersploit.

Routersploit Download- https://github.com/threat9/routersploit

Download and run routersploit and use the router/multi/rom-0 module.