CVE-2025-68717
KAYSUS · KS-WR3600 routers
KAYSUS KS-WR3600 routers (firmware 1.0.5.9.1) are vulnerable to authentication bypass, allowing attackers to hijack active sessions and perform unauthorized administrative actions.
Executive summary
An authentication bypass vulnerability in KAYSUS KS-WR3600 routers allows attackers to hijack active user sessions and execute unauthorized privileged commands.
Vulnerability
The router firmware contains a design flaw in session validation that allows unauthenticated requests to be processed if an existing user session is active. Attackers can exploit this to interact with sensitive endpoints, such as /cgi-bin/system-tool, effectively bypassing the authentication gate.
Business impact
The CVSS score of 9.4 highlights the critical nature of this flaw, as it allows for unauthorized access to network configuration data and the execution of administrative commands. This could lead to a complete compromise of the network perimeter, allowing an attacker to intercept traffic, modify firewall rules, or disable security features. Such an event would result in significant operational disruption and loss of network integrity.
Remediation
Immediate Action: Check the KAYSUS vendor advisory for firmware updates and apply them immediately to remediate the session validation flaw.
Proactive Monitoring: Monitor network logs for unusual access to sensitive CGI scripts or administrative endpoints originating from unauthorized sources.
Compensating Controls: Restrict administrative access to the router’s management interface to a dedicated, isolated management VLAN or specific trusted IP addresses.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability constitutes a severe risk to the integrity of the network infrastructure. Administrators must prioritize the application of vendor firmware updates and limit access to the router's administrative interface to mitigate the risk of unauthorized session takeover.