CVE-2025-65010 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in the WODESYS WD-R608U router family, specifically confirmed in version WDR28081123OV1.01. The flaw resides in the initial configuration wizard.cgi endpoint, which lacks proper authentication checks, allowing an unauthenticated attacker on the adjacent network to change the administrator password without authorization. This broken access control issue persists beyond the initial setup phase, meaning the device remains vulnerable even after configuration is complete. The vulnerability's CVSS 4.0 score is 7.1 (high), reflecting its significant impact and relatively low attack complexity. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same local network or connected via a bridged network segment. No privileges or user interaction are required, and the vulnerability does not affect confidentiality directly but severely impacts integrity and availability by enabling unauthorized administrative access. The vendor has been notified but has not provided detailed information or patches, and only one firmware version has been tested. This vulnerability could allow attackers to take full control of the router, potentially intercepting, redirecting, or disrupting network traffic, and facilitating further attacks within the network.

For European organizations, this vulnerability poses a significant risk due to the critical role routers play in network security and traffic management. Unauthorized password changes can lead to complete administrative takeover, enabling attackers to manipulate network configurations, intercept sensitive data, or launch further attacks such as lateral movement or persistent network compromise. This is particularly concerning for enterprises, government agencies, and critical infrastructure operators relying on WODESYS routers. The lack of authentication on a critical function undermines trust in network perimeter defenses and could lead to data breaches, service disruptions, and compliance violations under regulations like GDPR. The adjacent network attack vector means that internal threat actors or attackers who gain local network access (e.g., via Wi-Fi or compromised devices) can exploit this vulnerability, increasing the attack surface within organizational environments.

Organizations should immediately identify any WODESYS WD-R608U routers in their infrastructure, especially those running firmware version WDR28081123OV1.01. Since no official patches are available, mitigation should include isolating affected devices on segmented networks with strict access controls to limit exposure to untrusted users. Network administrators should disable remote management interfaces if enabled and restrict management access to trusted IP addresses only. Monitoring network traffic for unusual configuration changes or unauthorized access attempts is critical. Where possible, replace vulnerable devices with updated or alternative hardware from vendors with active security support. Additionally, implement network-level protections such as VLAN segmentation, strong Wi-Fi security, and endpoint security to reduce the risk of an attacker gaining adjacent network access. Regularly audit router configurations and credentials to detect unauthorized changes promptly.