23 matches found
CVE-2025-65010
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65011
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...
CVE-2025-65010
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65011
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...
CVE-2025-65008
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010 Missing authorizations for admin panel password change in WODESYS WD-R608U router
WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
CVE-2025-65010
CVE-2025-65010 (WODESYS WD-R608U router / WDR122B V2.0 / WDR28) is documented with concrete details: multiple Red Hat and NVD entries describe vulnerabilities tied to the WD-R608U platform. Affected issues include Broken Access Control in the initial configuration wizard.cgi endpoint, where an at...
CVE-2025-65008
CVE-2025-65008 affects the WODESYS WD-R608U router (WDR122B V2.0 / WDR28). Root cause: lack of input validation in the langGet parameter of the adm.cgi endpoint, enabling an attacker to execute system shell commands. Only WDR28081123OV1.01 has been tested as vulnerable; other versions may also be...
CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-65008 OS Command Injection in WODESYS WD-R608U router
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-65007 Missing Authentication for Critical Function in WODESYS WD-R608U router
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...
CVE-2025-65007
CVE-2025-65007 affects WODESYS WD-R608U router (WDR122B V2.0 / WDR28). The issue is unauthenticated access in the adm.cgi endpoint’s configuration change module, allowing commands such as backup creation, device restart, and factory reset. Only version WDR28081123OV1.01 has been tested and confir...
PT-2025-52246
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...
WODESYS WD-R608U 安全漏洞
The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. A security vulnerability exists in the WODESYS WD-R608U that originates from a configuration file storing the administrator password in clear text, which could allow an unauthorized user to obtain the password...
WODESYS WD-R608U 操作系统命令注入漏洞
WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. The WODESYS WD-R608U suffers from an operating system command injection vulnerability that stems from a lack of validation of the langGet parameter of the adm.cgi endpoint, which could lead to a malicious attacker executing system...
WODESYS WD-R608U 访问控制错误漏洞
The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from a lack of authentication in the adm.cgi endpoint configuration change module, which could allow an unauthenticated attacker to execute command...
PT-2025-52248
In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...
WODESYS WD-R608U 安全漏洞
WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. A security vulnerability exists in the WODESYS WD-R608U that originates from an unauthorized user being able to directly view configuration files...
WODESYS WD-R608U 访问控制错误漏洞
The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from improper initial configuration of the wizard.cgi endpoint access control, which could lead to a malicious attacker making unauthorized changes...