CVE-2025-65011
Unknown Unknown - Not Provided
Unauthorized Configuration File Disclosure in WODESYS WD-R608U Router

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: CERT.PL

Description
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-65011
EUVD
EUVD-2025-204273
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
wodesys wdr122b *
wodesys wdr28 *
wodesys wd-r608u *
wodesys wdr28081123ov1.01 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-425 The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) allows an unauthorized user to view configuration files by directly accessing the resource containing those files. This means that without proper authentication, sensitive configuration data can be exposed.


How can this vulnerability impact me? :

The impact of this vulnerability is that unauthorized users can gain access to sensitive configuration files of the affected routers. This exposure can lead to further exploitation, unauthorized network access, or compromise of the device's security settings.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart