CVE-2025-65011 identifies a direct request vulnerability (CWE-425) in the WODESYS WD-R608U router series, including models WDR122B V2.0 and WDR28. This vulnerability allows an unauthenticated attacker to bypass access controls by directly referencing configuration file resources via crafted HTTP requests. The vulnerability was confirmed in firmware version WDR28081123OV1.01, with no information on other versions, leaving the possibility of broader exposure. The attack vector requires network-level access (AV:A), but no privileges, authentication, or user interaction are necessary, making exploitation relatively straightforward for an attacker with network access. The vulnerability severely compromises confidentiality (VC:H) by exposing sensitive configuration files, which may contain credentials, network topology, or other critical information. Integrity and availability are not directly impacted. The vendor was notified but has not provided detailed information or patches, and no known exploits have been observed in the wild. The lack of patch availability increases the urgency for defensive measures. The vulnerability's CVSS 4.0 score of 7.1 reflects its high severity, primarily due to the ease of exploitation and the sensitive nature of the exposed data. This vulnerability poses a significant risk to organizations relying on these routers for network management, especially in environments where network segmentation is weak or remote access is enabled.

For European organizations, this vulnerability presents a significant risk to network security and confidentiality. Exposure of configuration files can lead to disclosure of sensitive information such as administrative credentials, network configurations, and security settings, enabling attackers to escalate privileges, pivot within networks, or launch further attacks. Critical infrastructure, enterprises, and service providers using the affected WODESYS routers may face increased risk of targeted attacks or espionage. The lack of authentication requirement and ease of exploitation mean that attackers with network access—potentially even from internal networks or compromised devices—can leverage this vulnerability. This could result in data breaches, operational disruptions, or compromise of connected systems. The absence of patches and public exploit code means organizations must rely on network-level mitigations and monitoring until vendor fixes are released. Given the router's role in network management, the impact on availability is limited but the confidentiality breach can have cascading effects on overall security posture.

1. Immediately restrict access to the router's management interfaces by implementing strict network segmentation and firewall rules, allowing only trusted IP addresses or management stations to connect. 2. Disable remote management features if not required, or restrict them to secure VPN connections with strong authentication. 3. Monitor network traffic for unusual HTTP requests targeting configuration files or unauthorized access attempts to the router's web interface. 4. Conduct thorough audits of router configurations and credentials to identify any exposure or compromise. 5. Engage with WODESYS support to obtain information on patches or firmware updates addressing this vulnerability and apply them promptly once available. 6. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect forced browsing attempts. 7. Educate network administrators about the vulnerability and enforce strong operational security practices around router management. 8. If possible, replace affected devices with models from vendors with timely security support and patching history.