Search criteria
10 vulnerabilities found for WDR28 by WODESYS
CVE-2025-65011 (GCVE-0-2025-65011)
Vulnerability from nvd – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:51
VLAI?
Title
Unauthorized Access to files in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:15.535885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:51:50.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e an unauthorised user can view configuration files by directly referencing the resource in question.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:35.763Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthorized Access to files in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65011",
"datePublished": "2025-12-18T15:10:35.763Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:51:50.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65010 (GCVE-0-2025-65010)
Vulnerability from nvd – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:51
VLAI?
Title
Missing authorizations for admin panel password change in WODESYS WD-R608U router
Summary
WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has been set.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:31.065391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:51:57.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "WODESYS\u0026nbsp;WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e is vulnerable\u0026nbsp;to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadmin panel\u003c/span\u003e password without authorization. The vulnerability can also be exploited after the initial configuration has been set.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "WODESYS\u00a0WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable\u00a0to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has been set.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:34.174Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing authorizations for admin panel password change in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65010",
"datePublished": "2025-12-18T15:10:34.174Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:51:57.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65009 (GCVE-0-2025-65009)
Vulnerability from nvd – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
Insecure Password Storage in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:52.153666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:06.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: rgba(221, 223, 228, 0.1);\"\u003eadmin password is stored in configuration file as plaintext\u003c/span\u003e\u0026nbsp;and can be obtained by unauthorized user by direct references to the resource in question.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28)\u00a0admin password is stored in configuration file as plaintext\u00a0and can be obtained by unauthorized user by direct references to the resource in question.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:31.234Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure Password Storage in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65009",
"datePublished": "2025-12-18T15:10:31.234Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:52:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65008 (GCVE-0-2025-65008)
Vulnerability from nvd – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
OS Command Injection in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:19:03.761645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:13.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e\u0026nbsp;due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28)\u00a0due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:27.392Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65008",
"datePublished": "2025-12-18T15:10:27.392Z",
"dateReserved": "2025-11-13T09:42:15.301Z",
"dateUpdated": "2025-12-18T18:52:13.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65007 (GCVE-0-2025-65007)
Vulnerability from nvd – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
Missing Authentication for Critical Function in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:19:17.683766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:21.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as\u00a0WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:22.464Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for Critical Function in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65007",
"datePublished": "2025-12-18T15:10:22.464Z",
"dateReserved": "2025-11-13T09:42:15.300Z",
"dateUpdated": "2025-12-18T18:52:21.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65011 (GCVE-0-2025-65011)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:51
VLAI?
Title
Unauthorized Access to files in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:15.535885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:51:50.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e an unauthorised user can view configuration files by directly referencing the resource in question.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:35.763Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauthorized Access to files in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65011",
"datePublished": "2025-12-18T15:10:35.763Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:51:50.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65010 (GCVE-0-2025-65010)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:51
VLAI?
Title
Missing authorizations for admin panel password change in WODESYS WD-R608U router
Summary
WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has been set.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:31.065391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:51:57.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "WODESYS\u0026nbsp;WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e is vulnerable\u0026nbsp;to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadmin panel\u003c/span\u003e password without authorization. The vulnerability can also be exploited after the initial configuration has been set.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "WODESYS\u00a0WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable\u00a0to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has been set.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:34.174Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing authorizations for admin panel password change in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65010",
"datePublished": "2025-12-18T15:10:34.174Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:51:57.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65009 (GCVE-0-2025-65009)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
Insecure Password Storage in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:18:52.153666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:06.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: rgba(221, 223, 228, 0.1);\"\u003eadmin password is stored in configuration file as plaintext\u003c/span\u003e\u0026nbsp;and can be obtained by unauthorized user by direct references to the resource in question.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28)\u00a0admin password is stored in configuration file as plaintext\u00a0and can be obtained by unauthorized user by direct references to the resource in question.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:31.234Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure Password Storage in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65009",
"datePublished": "2025-12-18T15:10:31.234Z",
"dateReserved": "2025-11-13T09:42:15.302Z",
"dateUpdated": "2025-12-18T18:52:06.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65008 (GCVE-0-2025-65008)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
OS Command Injection in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:19:03.761645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:13.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e\u0026nbsp;due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28)\u00a0due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:27.392Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65008",
"datePublished": "2025-12-18T15:10:27.392Z",
"dateReserved": "2025-11-13T09:42:15.301Z",
"dateUpdated": "2025-12-18T18:52:13.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65007 (GCVE-0-2025-65007)
Vulnerability from cvelistv5 – Published: 2025-12-18 15:10 – Updated: 2025-12-18 18:52
VLAI?
Title
Missing Authentication for Critical Function in WODESYS WD-R608U router
Summary
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Wojciech Cybowski
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:19:17.683766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:52:21.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WD-R608U",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR28",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WDR122B V2.0",
"vendor": "WODESYS",
"versions": [
{
"status": "affected",
"version": "WDR28081123OV1.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"datePublic": "2025-12-18T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WODESYS WD-R608U router (also known as\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWDR122B V2.0 and WDR28)\u003c/span\u003e due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "In WODESYS WD-R608U router (also known as\u00a0WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:10:22.464Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"product"
],
"url": "http://www.wodesys.com/eproductms52.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65007"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for Critical Function in WODESYS WD-R608U router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-65007",
"datePublished": "2025-12-18T15:10:22.464Z",
"dateReserved": "2025-11-13T09:42:15.300Z",
"dateUpdated": "2025-12-18T18:52:21.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}