CVE-2025-68716 is a critical vulnerability found in KAYSUS KS-WR3600 routers running firmware version 1.0.5.9.1. The vulnerability arises because the SSH service is enabled by default on the LAN interface, and the root account is configured with no password. Furthermore, administrators are unable to disable SSH or enforce any form of authentication through the router’s command-line interface or web GUI. This design flaw allows any attacker with access to the local area network to trivially obtain root shell access on the device. Once access is gained, the attacker can execute arbitrary commands with full administrative privileges, compromising the router’s confidentiality, integrity, and availability. The vulnerability does not require any user interaction or prior authentication, making it highly exploitable. Although no known exploits have been reported in the wild, the lack of patch availability and the inability to disable or secure SSH access make this a severe threat. The affected firmware version is 1.0.5.9.1, but no other versions are specified. The vulnerability was published in early 2026, with the CVSS score not assigned yet. The root cause is a default insecure configuration combined with a lack of administrative control over SSH settings, which is a critical security oversight in the device’s firmware design.

For European organizations, this vulnerability could lead to complete compromise of affected routers, enabling attackers to intercept, modify, or disrupt network traffic, launch further attacks within the internal network, or create persistent backdoors. This is especially critical for enterprises, government agencies, and critical infrastructure operators relying on these routers for secure network connectivity. The inability to disable or secure SSH access increases the attack surface and risk of lateral movement within networks. Confidential information could be exposed, network integrity compromised, and availability disrupted, potentially causing operational downtime and data breaches. Organizations with less stringent LAN access controls or remote LAN access (e.g., via VPN) are particularly vulnerable. The threat also extends to managed service providers and small-to-medium enterprises that may use these routers without rigorous security oversight.

1. Immediately isolate affected KS-WR3600 routers from untrusted LAN segments and restrict access to trusted administrators only. 2. Implement strict network segmentation and access control lists (ACLs) to limit LAN access to these devices. 3. Monitor network traffic for unusual SSH connections or command execution patterns on these routers. 4. Replace affected routers with models from vendors with secure default configurations if possible. 5. If replacement is not immediately feasible, consider deploying network-based intrusion prevention systems (IPS) to detect and block unauthorized SSH access attempts. 6. Engage with KAYSUS support to obtain firmware updates or patches addressing this vulnerability. 7. Educate network administrators about the risks and ensure physical security of network equipment to prevent unauthorized LAN access. 8. Review and enhance internal network security policies to prevent unauthorized device access. 9. Regularly audit router configurations and network access logs for signs of compromise.