PT-2025-52249 · Wodesys · Wdr122B V2.0+2
Wojciech Cybowski
·
Published
2025-12-18
·
Updated
2025-12-18
·
CVE-2025-65010
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WODESYS WD-R608U router versions prior to WDR28081123OV1.01
WODESYS WDR122B V2.0 (affected versions not specified)
WODESYS WDR28 (affected versions not specified)
Description
The WODESYS WD-R608U router, also known as WDR122B V2.0 and WDR28, exhibits a Broken Access Control issue within the initial configuration wizard.cgi endpoint. An attacker can modify the administrator panel password without authorization. This issue persists even after the initial configuration is completed. The vendor was notified but did not provide details regarding vulnerable version ranges.
Recommendations
Update to version WDR28081123OV1.01 or later.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wd-R608U
Wdr122B V2.0
Wdr28