CVE-2025-65010

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

CVE-2025-65011

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...

CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

CVE-2025-65008

CVE-2025-65008 affects the WODESYS WD-R608U router (WDR122B V2.0 / WDR28). Root cause: lack of input validation in the langGet parameter of the adm.cgi endpoint, enabling an attacker to execute system shell commands. Only WDR28081123OV1.01 has been tested as vulnerable; other versions may also be...

CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVE-2025-65007 Missing Authentication for Critical Function in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

WODESYS WD-R608U 安全漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. A security vulnerability exists in the WODESYS WD-R608U that originates from a configuration file storing the administrator password in clear text, which could allow an unauthorized user to obtain the password...

WODESYS WD-R608U 操作系统命令注入漏洞

WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. The WODESYS WD-R608U suffers from an operating system command injection vulnerability that stems from a lack of validation of the langGet parameter of the adm.cgi endpoint, which could lead to a malicious attacker executing system...

WODESYS WD-R608U 访问控制错误漏洞

The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from improper initial configuration of the wizard.cgi endpoint access control, which could lead to a malicious attacker making unauthorized changes...

PT-2025-52247

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...