CVE-2025-65011 is a vulnerability classified under CWE-425 (Direct Request or Forced Browsing) affecting the WODESYS WD-R608U router series, including models WDR122B V2.0 and WDR28. The vulnerability allows an unauthenticated attacker to directly request and access configuration files by referencing their URLs or resource paths without proper authorization checks. This type of vulnerability arises when web applications or embedded device management interfaces fail to enforce access control on sensitive resources, enabling attackers to bypass authentication mechanisms. The vendor was notified early but did not provide detailed information about the affected version range; only firmware version WDR28081123OV1.01 has been tested and confirmed vulnerable. The CVSS 4.0 base score is 7.1 (high severity), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a high impact on confidentiality (VC:H), with no impact on integrity or availability. The vulnerability does not require authentication or user interaction, making it easier to exploit by an attacker with network access to the device's management interface. No patches or mitigations have been officially released, and no known exploits have been observed in the wild. The vulnerability poses a significant risk as configuration files often contain sensitive information such as credentials, network settings, or cryptographic keys, which can be leveraged for further attacks or lateral movement within a network.

For European organizations, especially those in industrial, manufacturing, or critical infrastructure sectors that deploy WODESYS WD-R608U routers, this vulnerability presents a serious confidentiality risk. Unauthorized access to configuration files can lead to exposure of sensitive credentials, network topology, and device settings, enabling attackers to compromise network security, conduct further intrusions, or disrupt operations. Given the router's use in industrial environments, exploitation could facilitate espionage, sabotage, or unauthorized control of operational technology systems. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks if devices are accessible from internal or adjacent networks. The absence of vendor patches exacerbates the risk, forcing organizations to rely on compensating controls. The impact is particularly critical for organizations subject to strict data protection regulations such as GDPR, as exposure of sensitive information could lead to compliance violations and reputational damage.

1. Immediately restrict network access to the management interface of WODESYS WD-R608U routers by implementing strict firewall rules and network segmentation to limit access only to trusted administrators and systems. 2. Disable remote management features if not required, or enforce VPN access with strong authentication for remote connections. 3. Monitor network traffic for unusual or unauthorized direct requests targeting router configuration files or management URLs. 4. Conduct an inventory of all WODESYS WD-R608U devices and verify firmware versions; prioritize isolating or upgrading devices running the vulnerable version WDR28081123OV1.01. 5. Engage with the vendor for firmware updates or patches and apply them promptly once available. 6. Implement additional authentication layers or web application firewalls (WAF) in front of device management interfaces to detect and block forced browsing attempts. 7. Regularly audit device configurations and logs to detect potential unauthorized access or exploitation attempts. 8. Educate network and security teams about this vulnerability and the importance of securing device management interfaces.