VYPR

KS-WR3600

by KAYSUS

CVEs (3)

  • CVE-2025-68719 (Jan 8, 2026)
    risk 0.00 | cvss | epss 0.00

    KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files…

  • CVE-2025-68716 (Jan 8, 2026)
    risk 0.00 | cvss | epss 0.00

    KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent…

  • CVE-2025-68717 (Jan 8, 2026)
    risk 0.00 | cvss | epss 0.01

    KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers…