5 matches found
CVE-2025-68717
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user'...
KAYSUS KS-WR3600 安全漏洞
The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600 version 1.0.5.9.1, which originates from an authentication bypass during session authentication and could allow an unauthenticated attacker to retrieve sensitive...
CVE-2025-68717
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user'...
CVE-2025-68719
CVE-2025-68719 affects KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1. The issue is a configuration management flaw that allows an authenticated user with an active session to access the backup endpoint and download a full configuration archive, including sensitive files such as /etc/shadow. Th...
CVE-2025-68718
KAYSUS KS-WR1200 routers, firmware 107, expose SSH and TELNET on the LAN interface with hardcoded credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password, and changing the management GUI password has no effect on SSH/TELNET authentication. Any...