CNNVD-202512-3458 Information

CNNVD ID

CNNVD-202512-3458

Related CVE

CVE-2025-65008

• CNNVD Published: 2025-12-18

Description (Chinese)

WODESYS WD-R608U是中国欣阳（WODESYS）公司的一款无线路由器。 WODESYS WD-R608U存在操作系统命令注入漏洞，该漏洞源于adm.cgi端点langGet参数缺乏验证，可能导致恶意攻击者执行系统shell命令。

Description (English)

WODESYS WD-R608U is a wireless router of the Chinese company WODESYS. WODESYS WD-R608U has an operational system command leak that originates from the lack of validation of the langGet parameters at the adm.cgi end point, which may lead to the malicious attacker performing the system shell command.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

欣阳

Published

2025-12-18

Last Modified

2026-02-24

References

http://www.wodesys.com/eproductms52.html https://cert.pl/en/posts/2025/12/CVE-2025-65007 https://github.com/wcyb/security_research