
CVE-2025-65009: CWE-256 Plaintext Storage of a Password in WODESYS WD-R608U

Severity: High
Tags: Vulnerability, CVE-2025-65009, CWE-256
Published: Thu Dec 18 2025 (12/18/2025, 15:10:31 UTC)
Source: CVE Database V5
Vendor/Project: WODESYS
Product: WD-R608U

Description

In the WODESYS WD-R608U router (also sold as WDR122B V2.0 and WDR28), the admin password is stored in plaintext in a configuration file and can be obtained by an unauthorized user through a direct reference to the resource in question. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version WDR28081123OV1.01 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.

AI-Powered Analysis

Last updated: 12/18/2025, 15:41:57 UTC

Technical Analysis

CVE-2025-65009 affects the WODESYS WD-R608U router series, including the models sold as WDR122B V2.0 and WDR28. The administrative password is stored in plaintext in the router's configuration file, and an unauthorized user can read that file by referencing the resource directly. The flaw was confirmed in firmware version WDR28081123OV1.01; other versions have not been tested and may also be affected. It is classified as CWE-256 (Plaintext Storage of a Password). The CVSS 4.0 base score is 7.1: attack vector adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), high confidentiality impact (VC:H), and no impact on integrity or availability. In practice, an attacker on the same or an adjacent network segment can obtain the admin password without authenticating and without any user interaction. With that password the attacker has full administrative control of the router, which can be used to intercept traffic, alter the configuration, or pivot to other internal systems. The vendor was notified early but has not provided details or a patch, and no exploitation in the wild has been reported. Because no patch is available, mitigation is limited to configuration hardening or device replacement. The risk is greatest for organizations where network segmentation is weak or remote management is enabled.

Potential Impact

For European organizations, this vulnerability presents a critical risk to network security and confidentiality. Unauthorized access to the router's administrative credentials can lead to full device compromise, allowing attackers to intercept, modify, or redirect network traffic, potentially exposing sensitive data or disrupting communications. In sectors such as finance, healthcare, government, and critical infrastructure, this could result in data breaches, operational disruptions, or espionage. The ease of exploitation without authentication or user interaction increases the likelihood of successful attacks, especially in environments where network access controls are insufficient. Additionally, since the vulnerability affects router firmware, it can impact a broad range of connected devices and users within an organization. The absence of vendor patches exacerbates the risk, forcing organizations to rely on compensating controls or hardware replacement. The potential for lateral movement within networks following compromise further amplifies the threat to European enterprises and public sector entities.

Mitigation Recommendations

1. Immediately restrict access to router configuration files by implementing strict network segmentation and access control lists (ACLs) to limit who can reach the device management interfaces and configuration resources.
2. Disable remote management features unless absolutely necessary, and if enabled, restrict access to trusted IP addresses only.
3. Monitor network traffic for unusual access patterns or attempts to retrieve configuration files.
4. Where possible, upgrade to newer firmware versions if the vendor releases patches addressing this vulnerability; maintain close communication with the vendor for updates.
5. If patches are unavailable, consider replacing affected devices with models that follow secure password storage practices.
6. Implement multi-factor authentication (MFA) on router management interfaces if supported to add an additional layer of security.
7. Conduct regular audits of device configurations and password storage methods to detect similar issues proactively.
8. Educate network administrators about the risks of plaintext password storage and enforce policies for secure credential management.
9. Employ network intrusion detection systems (NIDS) to detect exploitation attempts targeting this vulnerability.
10. Maintain an inventory of all WODESYS devices in use to prioritize mitigation efforts effectively.
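The following is an added example, not code from the advisory or the vendor, illustrating the configuration audit in recommendation 7: it scans an exported device configuration for credential-bearing keys whose values are stored in the clear rather than as a hash. The WD-R608U's real configuration format is not published on this page, so the `key=value` layout and the sample export are constructed assumptions.

```python
import re

# Constructed sample export (assumption: key=value lines). Not the real WD-R608U format.
SAMPLE_CONFIG = """\
wan_mode=dhcp
admin_user=admin
admin_password=Summer2025!
wifi_ssid=Office
wifi_psk=$6$rounds=5000$abc$Q9xZ2c8vL1
snmp_community=public
api_token_hash=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

# Keys whose values are credentials (passwords, PSKs, tokens, SNMP community strings).
SECRET_KEY_RE = re.compile(r"(pass(word|wd|phrase)?|pwd|psk|secret|token|community)", re.I)

# Value shapes that look like a crypt/argon2/pbkdf2 hash or a raw MD5/SHA-1/SHA-256 digest.
HASHED_VALUE_RE = re.compile(
    r"^(\$(1|2[aby]?|5|6|y|argon2(id|i|d)|pbkdf2[\w-]*)\$.+"
    r"|[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$",
    re.I,
)


def parse_kv(text):
    """Yield (line_number, key, value) for each 'key=value' line; skip blanks and # comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split on the first '=' only; hashes may contain '='
        yield lineno, key.strip(), value.strip()


def audit_plaintext_secrets(text):
    """Return [(line_number, key, masked_value)] for credential keys stored in plaintext."""
    findings = []
    for lineno, key, value in parse_kv(text):
        if not SECRET_KEY_RE.search(key) or not value:
            continue
        if HASHED_VALUE_RE.match(value):
            continue  # stored as a hash, not as the secret itself
        masked = value[0] + "*" * (len(value) - 1)  # never echo the full secret in a report
        findings.append((lineno, key, masked))
    return findings


if __name__ == "__main__":
    for lineno, key, masked in audit_plaintext_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: {key} stored in plaintext ({masked})")
```

On the sample above it reports `admin_password` and `snmp_community`; the `$6$` PSK hash and the hex token digest pass.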


Technical Details

Data Version
5.2
Assigner Short Name
CERT-PL
Date Reserved
2025-11-13T09:42:15.302Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 69441d2f4eb3efac369421b0

Added to database: 12/18/2025, 3:26:39 PM

Last enriched: 12/18/2025, 3:41:57 PM

Last updated: 12/19/2025, 10:06:36 AM

