CVE-2025-68715 — CRITICAL (9.1)

Vulnerability Description

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pandawireless	Pwru01 Firmware	2.2.9
Pandawireless	Pwru01	-

Related Weaknesses (CWE)

CWE-306

References

https://github.com/actuator/cve/blob/main/PandaWireless/CVE-2025-68715.txtThird Party Advisory
https://github.com/actuator/cve/tree/main/PandaWirelessExploit

FAQ

What is CVE-2025-68715?

CVE-2025-68715 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authenticat...

How severe is CVE-2025-68715?

CVE-2025-68715 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-68715?

Check the references section above for vendor advisories and patch information. Affected products include: Pandawireless Pwru01 Firmware, Pandawireless Pwru01.