WODESYS WD-R608U Router OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in the WODESYS WD-R608U router, also known as the WDR122B V2.0 and WDR28. This vulnerability arises from inadequate validation of the langGet parameter in the adm.cgi endpoint, allowing attackers to execute arbitrary system shell commands. While the vendor was notified about this issue, they did not provide details on the vulnerability or its affected version range. The vulnerability has been confirmed in version WDR28081123OV1.01, but other versions may also be susceptible.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the router's operating system.

Added: Dec 18, 2025, 5:26 PM

Updated: Dec 18, 2025, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

1.6

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WODESYS WD-R608U Router OS Command Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating