WODESYS WD-R608U Router Unauthenticated Configuration File Access Vulnerability

Vulnerability

A vulnerability exists in the WODESYS WD-R608U router, also known as the WDR122B V2.0 and WDR28, allowing unauthorized users to access configuration files by directly referencing the relevant resource. This issue has been confirmed in the WDR28081123OV1.01 version, while other versions may also be vulnerable. The lack of authentication in the configuration management module at the 'adm.cgi' endpoint enables this unauthorized access.

Impact

Exploitation of this vulnerability allows unauthorized users to view sensitive configuration files, which may contain critical information such as passwords or network settings.

Added: Dec 18, 2025, 5:23 PM

Updated: Dec 18, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WODESYS WD-R608U Router Unauthenticated Configuration File Access Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating