VYPR
Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Jan 8, 2026

CVE-2025-68717

CVE-2025-68717

Description

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • KAYSUS/KS-WR3600cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =1.0.5.9.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.