CVE 9.1 CRITICAL

CVE-2025-68715_CVE-2025-68715

January 9, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service.

AI Analysis

Unauthenticated HTTP endpoint exposure leading to privilege escalation and denial of service

Basic Information

ID CVE-2025-68715

Source mitre

Published Jan 8, 2026 at 00:00

Modified Jan 9, 2026 at 18:38

Affected Product

Vendor Panda Wireless

Product Panda Wireless PWRU0

Version 2.2.9

Affected Versions n/a n/a n/a

CWE Classification

CWE-306

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Panda Wireless

Product Panda Wireless PWRU0

Version 2.2.9

References

{
    "lastseen": "",
    "description": "An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service.",
    "published": "2026-01-08T00:00:00.000Z",
    "modified": "2026-01-09T18:38:14.203Z",
    "type": "cve",
    "title": "CVE-2025-68715",
    "source": "mitre",
    "references": "https://github.com/actuator/cve/tree/main/PandaWireless\nhttps://github.com/actuator/cve/blob/main/PandaWireless/CVE-2025-68715.txt",
    "id": "CVE-2025-68715",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Panda Wireless PWRU0",
    "version": "2.2.9",
    "vendor": "Panda Wireless",
    "ai_description": "Unauthenticated HTTP endpoint exposure leading to privilege escalation and denial of service",
    "ai_severity": "Critical",
    "ai_vendor": "Panda Wireless",
    "ai_product": "Panda Wireless PWRU0",
    "ai_version": "2.2.9",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply