WODESYS WD-R608U Router Broken Access Control Vulnerability in Password Management

Vulnerability

A broken access control vulnerability has been identified in the WODESYS WD-R608U router, also known as the WDR122B V2.0 and WDR28 models. This vulnerability allows unauthorized attackers to change the admin panel password through the initial configuration 'wizard.cgi' endpoint. The issue persists even after the initial setup is completed. While the vendor was notified about this vulnerability, they did not provide details regarding the affected version range. The vulnerability has been confirmed in the WDR28081123OV1.01 version, but other versions may also be susceptible.

Impact

Exploitation of this vulnerability allows for unauthorized password changes in the admin panel, potentially leading to unauthorized administrative access.
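One way to watch for this issue from the defender's side, as an added example that is not part of the original advisory: flag any request to 'wizard.cgi' seen after the device's initial setup was finished. It assumes HTTP access logs in combined log format from a proxy or network sensor in front of the router's management interface; the log lines, paths, addresses and setup time below are constructed.

```python
import re
from datetime import datetime, timezone

# Combined-log-format line: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_wizard_requests(lines, setup_done_at):
    """Return requests to wizard.cgi made after initial setup finished."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        # Compare only the script name: ignore query string and directory.
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if script != "wizard.cgi":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts <= setup_done_at:
            continue  # expected during first-time provisioning
        status = int(m["status"])
        # A state-changing request that the device accepted is the worst case.
        accepted_post = m["method"] == "POST" and status < 400
        hits.append({
            "time": ts, "src": m["ip"], "method": m["method"],
            "status": status,
            "severity": "high" if accepted_post else "review",
        })
    return hits

# Constructed sample data (not captured from a real device).
SETUP_DONE = datetime(2025, 1, 10, 9, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2025:08:55:02 +0000] "POST /wizard.cgi HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Jan/2025:14:01:44 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.7 - - [15/Jan/2025:03:12:09 +0000] "POST /wizard.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Jan/2025:03:12:30 +0000] "GET /cgi-bin/wizard.cgi?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for h in find_wizard_requests(SAMPLE_LOG, SETUP_DONE):
        print(h["time"].isoformat(), h["src"], h["method"], h["status"], h["severity"])
```

A "high" hit means a POST to the wizard endpoint was answered with a non-error status after setup, which warrants checking whether the admin password still matches the one on record.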

Added: Dec 18, 2025, 5:24 PM
Updated: Dec 18, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.