CVE-2025-65009
Unknown Unknown - Not Provided

Plaintext Admin Password Disclosure in WODESYS WD-R608U Router

Vulnerability report for CVE-2025-65009, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: CERT.PL

Description

In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-07-06
AI Q&A
2025-12-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wodesys wd-r608u wdr28081123ov1.01

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) storing the admin password in the configuration file as plaintext. An unauthorized user can obtain this password by directly accessing the resource containing the configuration file.

Impact Analysis

The vulnerability allows unauthorized users to obtain the admin password in plaintext, which can lead to unauthorized access to the router's administrative functions. This can compromise the security of the network and connected devices.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65009. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart