PT-2026-1919 · Kaysus · Kaysus Ks-Wr3600

Published: 2026-01-08 · Updated: 2026-02-02 · CVE-2025-68717

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: KAYSUS KS-WR3600 router, firmware version 1.0.5.9.1

Description: KAYSUS KS-WR3600 routers running firmware version 1.0.5.9.1 contain a flaw that allows authentication to be bypassed during session validation. While a user is logged in, certain API endpoints, such as /cgi-bin/system-tool, accept requests that carry no valid session information. An attacker can therefore piggyback on an existing user's session to read sensitive configuration data or perform privileged actions without authenticating. The vulnerable parameter is the session value.

Recommendations: Update to a newer firmware version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /cgi-bin/system-tool endpoint to authorized users only.
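The description above names two observable conditions a defender can check for in the router's web-server logs: a request to /cgi-bin/system-tool that is accepted even though it carries no session value, and a request to that endpoint from a source outside the network that is allowed to administer the device (the temporary workaround). The following audit script is an added example, not code from the advisory or from Kaysus; the log format, the trailing `sess=` field used to carry the session value, the sample log lines and the management-network allowlist are all constructed assumptions, and the actual KS-WR3600 log format and session parameter name are not documented on this page.

```python
"""Audit constructed web-server access logs for sessionless or
out-of-network requests to the /cgi-bin/system-tool endpoint."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Endpoint named in the advisory.
MONITORED_PATH = "/cgi-bin/system-tool"

# ASSUMED log format: Common Log Format plus a trailing "sess=<value>" field.
# A value of "-" or an empty value means no session was presented.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: sess=(?P<sess>\S*))?$'
)

# Constructed sample lines (not real router output).
SAMPLE_LOG = """\
192.168.1.10 - - [08/Jan/2026:10:00:01 +0000] "GET /cgi-bin/system-tool?action=get_config HTTP/1.1" 200 512 sess=abc123
203.0.113.5 - - [08/Jan/2026:10:00:02 +0000] "POST /cgi-bin/system-tool HTTP/1.1" 200 120 sess=-
192.168.1.10 - - [08/Jan/2026:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048 sess=-
203.0.113.5 - - [08/Jan/2026:10:00:04 +0000] "GET /cgi-bin/system-tool?action=reboot HTTP/1.1" 200 64 sess=
192.168.1.10 - - [08/Jan/2026:10:00:05 +0000] "GET /cgi-bin/system-tool?action=get_config HTTP/1.1" 403 0 sess=-
"""


@dataclass
class LogEntry:
    ip: str
    method: str
    path: str
    status: int
    session: Optional[str]


@dataclass
class Finding:
    ip: str
    method: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path = m.group("target").split("?", 1)[0]  # drop the query string
    sess = m.group("sess")
    if sess in (None, "", "-"):
        sess = None
    return LogEntry(m.group("ip"), m.group("method"), path, int(m.group("status")), sess)


def audit(log_text: str, allowed_cidrs: List[str]) -> List[Finding]:
    """Flag requests to the monitored endpoint that were accepted without a
    session value, or that came from outside the allowed management networks."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry.path.startswith(MONITORED_PATH):
            continue
        reasons = []
        # A 4xx/5xx on a sessionless request is the expected rejection; only a
        # success status without a session matches the behaviour the advisory describes.
        if entry.session is None and entry.status < 400:
            reasons.append("request accepted without a session value")
        if not any(ipaddress.ip_address(entry.ip) in n for n in nets):
            reasons.append("source not in allowed management network")
        if reasons:
            findings.append(Finding(entry.ip, entry.method, entry.path, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"{f.ip} {f.method} {f.path}: {'; '.join(f.reasons)}")
```

Running the script against the constructed sample flags the two requests from 203.0.113.5 (one of them a sessionless POST that received HTTP 200) and leaves the legitimate in-network request and the correctly rejected 403 alone. Treating a success status on a sessionless request as the signal keeps the rule from firing on a router that is already rejecting such requests after a firmware update.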

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2025-68717

Affected Products: Kaysus Ks-Wr3600