CVE-2025-65008
Unknown Unknown - Not Provided
Command Injection in WODESYS WD-R608U Router via adm.cgi Endpoint

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: CERT.PL

Description
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28)Β due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65008
EUVD
EUVD-2025-204269
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wodesys wd-r608u wdr28081123ov1.01
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is due to a lack of validation in the 'langGet' parameter within the adm.cgi endpoint. This flaw allows a malicious attacker to inject and execute arbitrary system shell commands on the device, leading to unauthorized command execution. It is classified as an OS Command Injection vulnerability (CWE-78). Only firmware version WDR28081123OV1.01 was tested and confirmed vulnerable, but other versions might also be affected. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary system shell commands on the affected router without any privileges or user interaction. This could lead to full compromise of the device, unauthorized access to the network, interception or manipulation of network traffic, disruption of network services, and potentially further attacks on connected systems. [1]

Detection Guidance

This vulnerability can be detected by checking if the router's adm.cgi endpoint is accessible and if the langGet parameter is vulnerable to command injection. A common approach is to send crafted HTTP requests to the adm.cgi endpoint with payloads in the langGet parameter that attempt to execute system commands. For example, using curl to test command injection: curl -v 'http://<router-ip>/adm.cgi?langGet=;id' If the response contains output from the 'id' command, the device is vulnerable. Monitoring network traffic for unusual requests to adm.cgi with suspicious langGet parameters can also help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface (adm.cgi endpoint) by limiting it to trusted networks or IP addresses, disabling remote management if not needed, and monitoring for suspicious activity targeting the langGet parameter. Since the vendor has not provided patches or detailed version information beyond the tested vulnerable version WDR28081123OV1.01, consider upgrading to a newer firmware version if available or replacing the device with a secure alternative. Applying network-level protections such as firewall rules to block unauthorized access to the router's management interface is also recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65008. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart