CVE-2025-65009 identifies a vulnerability in the WODESYS WD-R608U router series, including models WDR122B V2.0 and WDR28, where the administrator password is stored in plaintext within the device's configuration file. This insecure storage violates best practices for credential management (CWE-256) and exposes the password to unauthorized retrieval by anyone able to directly access the configuration resource. The vulnerability was confirmed in firmware version WDR28081123OV1.01; however, the vendor has not disclosed details about other versions or provided patches. The CVSS 4.0 score of 7.1 reflects a high severity due to the ease of exploitation (no privileges or user interaction required) and the high impact on confidentiality, as an attacker can gain administrative access by extracting the plaintext password. The attack vector is adjacent network access, meaning the attacker must have some level of network proximity to the device. The vulnerability does not affect integrity or availability directly but compromises the device’s security posture by enabling unauthorized administrative control. No known exploits have been reported in the wild, but the lack of vendor response and patch availability increases the risk over time. This vulnerability is particularly concerning for environments where these routers are deployed in sensitive or critical network segments, as it could facilitate further attacks or data breaches.

For European organizations, the impact of CVE-2025-65009 can be significant, especially in sectors relying on WODESYS WD-R608U routers for network connectivity and security. Unauthorized access to the admin password allows attackers to fully control the router, potentially altering configurations, intercepting or redirecting traffic, and creating persistent backdoors. This compromises confidentiality and could lead to data exfiltration or disruption of network services. Critical infrastructure operators, government agencies, and enterprises using these devices in their network perimeters or internal segments face heightened risks. The vulnerability could also facilitate lateral movement within corporate networks, increasing the scope of potential damage. Given the absence of patches and vendor communication, organizations must assume the vulnerability is exploitable and prioritize mitigation to prevent unauthorized access. The impact is exacerbated by the potential for attackers to remain undetected while exploiting the plaintext password storage.

1. Immediately restrict network access to the affected routers, limiting management interfaces to trusted IP addresses and VLANs. 2. Implement strict network segmentation to isolate the routers from general user networks and the internet where possible. 3. Regularly audit and monitor access logs for unusual or unauthorized attempts to access configuration files or management interfaces. 4. Change default and existing passwords on affected devices to strong, unique credentials and consider using out-of-band management channels. 5. If feasible, replace affected devices with models from vendors that follow secure credential storage practices. 6. Employ intrusion detection systems (IDS) and network behavior analysis tools to detect anomalous activities targeting router management interfaces. 7. Maintain an inventory of all WODESYS devices and firmware versions deployed to assess exposure and prioritize remediation. 8. Engage with WODESYS vendor support channels to request patches or firmware updates and monitor for any future advisories. 9. Educate network administrators on the risks of plaintext password storage and enforce policies to avoid storing sensitive credentials in unencrypted formats. 10. Consider deploying multi-factor authentication (MFA) for router management if supported, to add an additional security layer.