CVE-2025-65011
📋 TL;DR
This vulnerability allows unauthorized users to access router configuration files by directly referencing them via URL. It affects WODESYS WD-R608U routers (also sold as WDR122B V2.0 and WDR28). Attackers can potentially view sensitive network configuration details without authentication.
💻 Affected Systems
- WODESYS WD-R608U
- WDR122B V2.0
- WDR28
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain full router configuration including admin credentials, network topology, and security settings, enabling complete network compromise.
Likely Case
Attackers access configuration files revealing network settings, potentially enabling further attacks or network reconnaissance.
If Mitigated
Limited exposure if router is behind firewall with strict access controls, though configuration details remain accessible to local attackers.
🎯 Exploit Status
Direct file access vulnerability requiring no authentication. Exploitation involves accessing specific URLs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None provided
Restart Required: No
Instructions:
No official patch available. Contact vendor for firmware updates.
🔧 Temporary Workarounds
Restrict Web Interface Access
allLimit access to router web interface using firewall rules
Change Default Credentials
allChange all default passwords to prevent credential harvesting
🧯 If You Can't Patch
- Place router behind firewall with strict inbound rules
- Disable remote management features if not required
🔍 How to Verify
Check if Vulnerable:
Attempt to access configuration files via direct URL references on router web interfaceCheck Version:
Check router web interface or physical label for firmware versionVerify Fix Applied:
Test if configuration files remain accessible after applying controls📡 Detection & Monitoring
Log Indicators:
- Unusual access to configuration file URLs
- Multiple failed authentication attempts followed by configuration file access
Network Indicators:
- HTTP requests to configuration file paths from unauthorized IPs
- Unusual traffic patterns to router management interface
SIEM Query:
source_ip=external AND destination_ip=router_ip AND url_path CONTAINS 'config' OR 'backup'