PT-2026-1918 · Kaysus · Kaysus Ks-Wr3600

Published: 2026-01-08 · Updated: 2026-02-02 · CVE-2025-68716

CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: KAYSUS KS-WR3600 version 1.0.5.9.1
Description: KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured without a password, and administrators are unable to disable SSH or enforce authentication through the command-line interface or web graphical user interface. This allows a local area network attacker to easily gain root shell access and execute arbitrary commands with full privileges.
Recommendations: For KAYSUS KS-WR3600 version 1.0.5.9.1, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Access Control, Missing Authentication

Related Identifiers: CVE-2025-68716

Affected Products: Kaysus Ks-Wr3600