Wojciech Cybowski

**Name of the Vulnerable Software and Affected Versions** Pix-Link LV-WR21Q version V108 108 Pix-Link LV-WR21Q (affected versions not specified) **Description** The Pix-Link LV-WR21Q device does not require authentication for the `/goform/getHomePageInfo` API endpoint. This allows a remote, unauthenticated attacker to access the endpoint and potentially retrieve the cleartext password for the access point. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges. **Recommendations** Apply a patch or update to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pix-Link LV-WR21Q router version V108 108 Pix-Link LV-WR21Q router (affected versions not specified) **Description** A flaw exists in the language module of the Pix-Link LV-WR21Q router that allows remote attackers to cause a denial of service (DoS). This is achieved by sending a specially crafted HTTP POST request containing a non-existing language parameter. The server is then unable to serve the correct `lang.js` file, which prevents the administrator panel from functioning, resulting in a DoS. The DoS only impacts the administrator panel and does not affect other router functionalities. **Recommendations** Revert the language settings to a correct value.

**Name of the Vulnerable Software and Affected Versions** WODESYS WD-R608U router versions prior to WDR28081123OV1.01 WODESYS WDR122B V2.0 (affected versions not specified) WODESYS WDR28 (affected versions not specified) **Description** The admin password for WODESYS routers is stored in a configuration file as plaintext. This allows an unauthorized user to obtain the password through direct access to the resource. The vendor was notified of this issue but did not provide details about vulnerable versions or a response. Only version WDR28081123OV1.01 was confirmed as vulnerable, and other versions may also be affected. **Recommendations** Update to version WDR28081123OV1.01 or later. For WODESYS WDR122B V2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For WODESYS WDR28, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WODESYS WD-R608U router versions prior to WDR28081123OV1.01 WODESYS WDR122B V2.0 (affected versions not specified) WODESYS WDR28 (affected versions not specified) **Description** A lack of authentication in the configuration change module within the `/adm.cgi` API endpoint allows an unauthenticated attacker to execute commands. These commands include creating backups, restarting the device, and resetting the device to factory settings. **Recommendations** Update WODESYS WD-R608U router to version WDR28081123OV1.01 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WODESYS WD-R608U router versions prior to WDR28081123OV1.01 WODESYS WDR122B V2.0 (affected versions not specified) WODESYS WDR28 (affected versions not specified) **Description** An unauthorized user can view configuration files by directly referencing the resource. The vendor was notified of this issue but did not provide details about vulnerable versions. Only version WDR28081123OV1.01 was confirmed as vulnerable, and other versions may also be affected. **Recommendations** Update to version WDR28081123OV1.01 or later.

**Name of the Vulnerable Software and Affected Versions** WODESYS WD-R608U router versions prior to WDR28081123OV1.01 WODESYS WDR122B V2.0 (affected versions not specified) WODESYS WDR28 (affected versions not specified) **Description** The WODESYS WD-R608U router, also known as WDR122B V2.0 and WDR28, exhibits a Broken Access Control issue within the initial configuration wizard.cgi endpoint. An attacker can modify the administrator panel password without authorization. This issue persists even after the initial configuration is completed. The vendor was notified but did not provide details regarding vulnerable version ranges. **Recommendations** Update to version WDR28081123OV1.01 or later.

**Name of the Vulnerable Software and Affected Versions** WODESYS WD-R608U router versions prior to WDR28081123OV1.01 WODESYS WDR122B V2.0 (affected versions not specified) WODESYS WDR28 (affected versions not specified) **Description** A lack of input validation in the `langGet` parameter of the `/adm.cgi` API endpoint allows for the execution of system shell commands. The vendor was notified but did not provide details regarding vulnerable version ranges. Testing confirmed that version WDR28081123OV1.01 is vulnerable, and other versions may also be affected. **Recommendations** Update to version WDR28081123OV1.01 or later. Restrict access to the `/adm.cgi` endpoint. Sanitize the `langGet` parameter to prevent command injection.