Garmin WDU Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Garmin WDU web application, specifically in versions 1.1.4.6 and 2.5.0. This vulnerability allows an attacker on the same local network segment to execute arbitrary JavaScript within the context of the WDU webpage. Successful exploitation could lead to full administrative access to the device. To exploit this vulnerability, a victim must first visit a specific URL served by the WDU and then click on a designated element on the page.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, enabling the execution of arbitrary JavaScript in the context of the affected web page.
Remediation
Users can update to Garmin WDU version 7.00, released on April 2, 2026, which addresses this vulnerability.
