CVE-2025-65007 is a critical vulnerability identified in the WODESYS WD-R608U router series, including models WDR122B V2.0 and WDR28. The root cause is a missing authentication mechanism in the configuration change module accessible via the adm.cgi endpoint. This flaw allows an unauthenticated attacker to perform sensitive operations such as creating backups, restarting the device, and resetting it to factory defaults without any credentials or user interaction. The vulnerability was confirmed in firmware version WDR28081123OV1.01; however, other versions have not been tested and may also be vulnerable. The lack of authentication on such a critical function exposes the device to remote exploitation, potentially leading to denial of service or loss of device configuration integrity. The CVSS 4.0 vector indicates the attack requires adjacent network access (AV:A), has low attack complexity (AC:L), requires no privileges (PR:N), no user interaction (UI:N), and results in high confidentiality, integrity, and availability impacts (VC:H, VI:H, VA:H). The vendor was notified but has not provided patches or detailed information on affected versions, leaving users exposed. No known exploits have been observed in the wild yet, but the vulnerability's nature and ease of exploitation make it a significant risk. The vulnerability falls under CWE-306, which highlights missing authentication for critical functions, a common and dangerous security oversight in embedded devices and routers.

For European organizations, especially those relying on WODESYS WD-R608U routers in industrial, manufacturing, or critical infrastructure environments, this vulnerability poses a severe risk. Attackers can remotely disrupt network operations by restarting devices or resetting configurations, leading to downtime and potential loss of control over network segments. Unauthorized backup creation could expose sensitive configuration data, risking confidentiality breaches. The absence of authentication means attackers do not need credentials or user interaction, increasing the likelihood of exploitation. This can lead to operational disruptions, financial losses, and reputational damage. Given the strategic importance of industrial control systems and network reliability in Europe, exploitation could affect supply chains and critical services. The lack of vendor patches exacerbates the risk, forcing organizations to rely on compensating controls. Additionally, the vulnerability could be leveraged as a foothold for further network intrusion or lateral movement within corporate or industrial networks.

Until an official patch is released, European organizations should implement specific mitigations: 1) Restrict network access to the adm.cgi endpoint by applying strict firewall rules and network segmentation, ensuring only trusted management networks can reach the router's administrative interfaces. 2) Disable remote management features on the WD-R608U routers if not strictly necessary, especially from untrusted or external networks. 3) Monitor network traffic for unusual requests targeting adm.cgi or unexpected device restarts and factory resets. 4) Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts of this vulnerability. 5) Regularly back up router configurations manually and securely to recover quickly from forced resets. 6) Engage with WODESYS or authorized vendors to obtain firmware updates or guidance and verify if other firmware versions are affected. 7) Consider replacing vulnerable devices with models from vendors with active security support if mitigation is not feasible. 8) Educate network administrators about the vulnerability and signs of exploitation to ensure rapid incident response.