CVE-2025-65010 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in the WODESYS WD-R608U router series, including models WDR122B V2.0 and WDR28. The issue resides in the initial configuration wizard.cgi endpoint, which lacks proper authentication controls. This allows an unauthenticated attacker with network access to change the administrator password arbitrarily, effectively gaining administrative control over the device. The vulnerability is present not only during the initial setup phase but also persists after the router has been configured, increasing the attack surface. The only confirmed vulnerable firmware version is WDR28081123OV1.01; however, the vendor has not disclosed whether other versions are affected, and no patches have been released. The CVSS v4.0 score is 7.1 (high severity), reflecting the ease of exploitation (no privileges or user interaction required) and the significant impact on device integrity and confidentiality. The vulnerability does not require physical access but does require network access to the device, which could be local or remote depending on network exposure. Exploitation could allow attackers to lock out legitimate administrators, manipulate router settings, intercept or redirect traffic, and potentially pivot into internal networks. No known exploits are publicly available yet, but the lack of vendor response and patch availability increases risk. This vulnerability highlights the critical need for secure authentication mechanisms on network infrastructure devices, especially those exposed to untrusted networks.

For European organizations, exploitation of CVE-2025-65010 could lead to complete compromise of affected routers, resulting in unauthorized administrative access. This can cause severe confidentiality breaches through interception or manipulation of network traffic, integrity violations by altering router configurations, and availability disruptions if attackers lock out legitimate users or disable network services. Organizations relying on WODESYS WD-R608U routers for critical network infrastructure, including SMEs and industrial environments, face risks of lateral movement by attackers into internal systems. Given the router's role as a gateway device, compromise could undermine perimeter defenses and expose sensitive data or operational technology. The absence of patches and vendor communication exacerbates the threat, especially in sectors with stringent data protection requirements such as finance, healthcare, and government. Additionally, the vulnerability could be exploited in supply chain attacks or targeted espionage campaigns against European entities. The potential for remote exploitation without authentication increases the urgency for mitigation in environments where these devices are accessible from untrusted networks.

European organizations using WODESYS WD-R608U routers should immediately audit their network to identify devices running the confirmed vulnerable firmware version WDR28081123OV1.01 or related models. Until a vendor patch is available, mitigate risk by restricting network access to the router's management interfaces using firewall rules or network segmentation, ensuring that only trusted administrative hosts can reach the configuration endpoints. Disable remote management features if enabled, or restrict them to secure VPN connections. Implement strong network monitoring and alerting for unusual configuration changes or access attempts to the router. Consider deploying network intrusion detection systems (NIDS) to detect exploitation attempts targeting the wizard.cgi endpoint. Where possible, replace vulnerable devices with alternatives from vendors with active security support. Maintain an inventory of all network devices and enforce strict configuration management policies. Engage with WODESYS for updates and monitor security advisories for patches or additional guidance. Finally, educate network administrators about this vulnerability and the importance of securing router management interfaces.