cbcvebase.

Wodesys Wd-R608U vulnerabilities

5 known vulnerabilities affecting wodesys/wd-r608u.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2025-65008P2CRITICALCVSS 9.4vWDR28081123OV1.012025-12-18
CVE-2025-65008 [CRITICAL] CWE-78 CVE-2025-65008: In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the l In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only versio
nvd
CVE-2025-65007P3HIGHCVSS 8.7vWDR28081123OV1.012025-12-18
CVE-2025-65007 [HIGH] CWE-306 CVE-2025-65007: In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in t In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The vendor was notified early about this vulnerability, bu
nvd
CVE-2025-65010P3HIGHCVSS 7.1vWDR28081123OV1.012025-12-18
CVE-2025-65010 [HIGH] CWE-306 CVE-2025-65010: WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Contro WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has been set. The vendor was notified early about this vul
nvd
CVE-2025-65011P3HIGHCVSS 7.1vWDR28081123OV1.012025-12-18
CVE-2025-65011 [HIGH] CWE-425 CVE-2025-65011: In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view conf In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and co
nvd
CVE-2025-65009P4HIGHCVSS 7.1vWDR28081123OV1.012025-12-18
CVE-2025-65009 [HIGH] CWE-256 CVE-2025-65009: In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in config In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version rang
nvd
Wodesys Wd-R608U vulnerabilities | cvebase