CVE-2025-68715CRITICAL 9.1EPSS p45.5%

CVE-2025-68715CVE-2025-68715

Description

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS0.63% probability of exploitation · percentile 45.5% · 2026-06-18T12:00:27Z
Published2026-01-08
Last modified2026-01-30

Underlying weaknesses· 1

CWE-306

References

  1. https://github.com/actuator/cve/blob/main/PandaWireless/CVE-2025-68715.txt
  2. https://github.com/actuator/cve/tree/main/PandaWireless

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-68707
CVE
CVE-2025-43983
CVE
CVE-2025-65128
CVE
CVE-2026-24428
CVE
CVE-2026-24440
CVE
CVE-2025-14300
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.