CVE-2025-68717

Published: Jan 8, 2026

Modified: Jan 8, 2026

PUBLISHED

Description

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html

https://github.com/actuator/cve/tree/main/KAYSUS

https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68717.txt

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-68717

Description

Affected Products

References