9.4

CVE-2025-68717

Exploit

EPSS 0.14%
Veröffentlicht 08.01.2026 00:00:00
Zuletzt bearbeitet 02.02.2026 16:35:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user's active session to retrieve sensitive configuration data or execute privileged actions without authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kaysus ≫ Ks-wr3600 Firmware Version1.0.5.9.1

Kaysus ≫ Ks-wr3600 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html

Product

https://github.com/actuator/cve/tree/main/KAYSUS

Exploit

https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68717.txt

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-68717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68717

EUVD