CVE-2025-65010

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

CVE-2025-65011

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...

CVE-2025-65008

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65008

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65007

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

CVE-2025-65011 Unauthorized Access to files in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...

CVE-2025-65011 Unauthorized Access to files in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

CVE-2025-65010

CVE-2025-65010 (WODESYS WD-R608U router / WDR122B V2.0 / WDR28) is documented with concrete details: multiple Red Hat and NVD entries describe vulnerabilities tied to the WD-R608U platform. Affected issues include Broken Access Control in the initial configuration wizard.cgi endpoint, where an at...

CVE-2025-65009 Insecure Password Storage in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVE-2025-65009 Insecure Password Storage in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

CVE-2025-65008

CVE-2025-65008 affects the WODESYS WD-R608U router (WDR122B V2.0 / WDR28). Root cause: lack of input validation in the langGet parameter of the adm.cgi endpoint, enabling an attacker to execute system shell commands. Only WDR28081123OV1.01 has been tested as vulnerable; other versions may also be...

CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65007 Missing Authentication for Critical Function in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

CVE-2025-65007

CVE-2025-65007 affects WODESYS WD-R608U router (WDR122B V2.0 / WDR28). The issue is unauthenticated access in the adm.cgi endpoint’s configuration change module, allowing commands such as backup creation, device restart, and factory reset. Only version WDR28081123OV1.01 has been tested and confir...

WODESYS WD-R608U 安全漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. A security vulnerability exists in the WODESYS WD-R608U that originates from a configuration file storing the administrator password in clear text, which could allow an unauthorized user to obtain the password...

PT-2025-52248

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

WODESYS WD-R608U 操作系统命令注入漏洞

WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. The WODESYS WD-R608U suffers from an operating system command injection vulnerability that stems from a lack of validation of the langGet parameter of the adm.cgi endpoint, which could lead to a malicious attacker executing system...

WODESYS WD-R608U 访问控制错误漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from a lack of authentication in the adm.cgi endpoint configuration change module, which could allow an unauthenticated attacker to execute command...