CVE 9.4 CRITICAL

CVE-2025-68717_CVE-2025-68717

January 8, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.

AI Analysis

Authentication bypass vulnerability in KAYSUS KS-WR3600 routers

Basic Information

ID CVE-2025-68717

Source mitre

Published Jan 8, 2026 at 00:00

Modified Jan 8, 2026 at 20:38

Affected Product

Vendor KAYSUS

Product KS-WR3600

Version 1.0.5.9.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-287

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor KAYSUS

Product KS-WR3600

Version 1.0.5.9.1

References

{
    "lastseen": "",
    "description": "KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.",
    "published": "2026-01-08T00:00:00.000Z",
    "modified": "2026-01-08T20:38:47.470Z",
    "type": "cve",
    "title": "CVE-2025-68717",
    "source": "mitre",
    "references": "https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html\nhttps://github.com/actuator/cve/tree/main/KAYSUS\nhttps://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68717.txt",
    "id": "CVE-2025-68717",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "KS-WR3600",
    "version": "1.0.5.9.1",
    "vendor": "KAYSUS",
    "ai_description": "Authentication bypass vulnerability in KAYSUS KS-WR3600 routers",
    "ai_severity": "Critical",
    "ai_vendor": "KAYSUS",
    "ai_product": "KS-WR3600",
    "ai_version": "1.0.5.9.1",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply