CVE-2025-68717
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Description
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.
Analysis
The KAYSUS KS-WR3600 router (firmware 1.0.5.9.1) has a session validation bypass: if any user is logged in, endpoints accept unauthenticated requests. Attackers can piggyback on active sessions to execute privileged actions. A PoC is available.
Technical Context
The session validation logic (CWE-287) checks only whether any active session exists, not whether the current request belongs to that session. An empty or invalid session cookie succeeds as long as someone else is logged in.
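A minimal C model of the check described above beside a corrected form, added here as an illustration. It is not the vendor's firmware code; the session table, token length and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 32      /* assumed token length */
#define MAX_SESSIONS 4    /* assumed table size */

/* Hypothetical session table; not the vendor's data structure. */
struct session { int active; char token[TOKEN_LEN + 1]; };
static struct session sessions[MAX_SESSIONS];

/* Flawed pattern: passes when ANY session is active; the presented
 * value is never compared with a stored token. */
int is_authorized_flawed(const char *presented)
{
    (void)presented;
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].active)
            return 1;
    return 0;
}

/* Corrected: the request must carry a well-formed token that matches
 * one active session (compared without an early exit). */
int is_authorized_fixed(const char *presented)
{
    int ok = 0;
    if (presented == NULL || strlen(presented) != TOKEN_LEN)
        return 0;
    for (size_t i = 0; i < MAX_SESSIONS; i++) {
        unsigned char diff = 0;
        for (size_t j = 0; j < TOKEN_LEN; j++)
            diff |= (unsigned char)(sessions[i].token[j] ^ presented[j]);
        ok |= (sessions[i].active && diff == 0);
    }
    return ok;
}

/* Demo helper: mark a slot as logged in with a constructed token. */
void login_demo(size_t slot, const char *token)
{
    sessions[slot].active = 1;
    strncpy(sessions[slot].token, token, TOKEN_LEN);
    sessions[slot].token[TOKEN_LEN] = '\0';
}

int main(void)
{
    login_demo(0, "0123456789abcdef0123456789abcdef"); /* constructed */
    printf("empty cookie, flawed: %d\n", is_authorized_flawed(""));
    printf("empty cookie, fixed:  %d\n", is_authorized_fixed(""));
    return 0;
}
```

A regression test for a patched firmware build can follow the same shape: with one administrator logged in, a request carrying an empty or malformed session value must be rejected.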
Affected Products
KAYSUS KS-WR3600 firmware 1.0.5.9.1
Remediation
Update firmware when available. Restrict management access to wired connections.