CVE-2025-68717

KAYSUS · KS-WR3600 routers

KAYSUS KS-WR3600 routers (firmware 1.0.5.9.1) are vulnerable to authentication bypass, allowing attackers to hijack active sessions and perform unauthorized administrative actions.

Executive summary

An authentication bypass vulnerability in KAYSUS KS-WR3600 routers allows attackers to hijack active user sessions and execute unauthorized privileged commands.

Vulnerability

The router firmware contains a design flaw in session validation that allows unauthenticated requests to be processed if an existing user session is active. Attackers can exploit this to interact with sensitive endpoints, such as /cgi-bin/system-tool, effectively bypassing the authentication gate.

Business impact

The CVSS score of 9.4 highlights the critical nature of this flaw, as it allows for unauthorized access to network configuration data and the execution of administrative commands. This could lead to a complete compromise of the network perimeter, allowing an attacker to intercept traffic, modify firewall rules, or disable security features. Such an event would result in significant operational disruption and loss of network integrity.

Remediation

Immediate Action: Check the KAYSUS vendor advisory for firmware updates and apply them immediately to remediate the session validation flaw.

Proactive Monitoring: Monitor network logs for unusual access to sensitive CGI scripts or administrative endpoints originating from unauthorized sources.

Compensating Controls: Restrict administrative access to the router’s management interface to a dedicated, isolated management VLAN or specific trusted IP addresses.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability constitutes a severe risk to the integrity of the network infrastructure. Administrators must prioritize the application of vendor firmware updates and limit access to the router's administrative interface to mitigate the risk of unauthorized session takeover.