The vulnerability identified as CVE-2025-68717 affects KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1. It is an authentication bypass flaw occurring during session validation. Normally, session validation ensures that only authenticated users with valid session tokens can access sensitive router management endpoints. However, in this case, if any user is logged in, the router's web interface endpoints such as /cgi-bin/system-tool improperly accept requests with empty or invalid session tokens. This design flaw allows an attacker to piggyback on an active session belonging to another user without needing to authenticate themselves. As a result, an attacker can retrieve sensitive configuration data or execute privileged commands remotely. The vulnerability does not require the attacker to have valid credentials or perform complex exploits, only that a legitimate user session is active. No CVSS score has been assigned yet, and no patches or known exploits have been reported. The flaw represents a significant risk because it undermines the fundamental security mechanism of session validation, potentially leading to unauthorized access and control over the router. This could facilitate further network compromise, data exfiltration, or disruption of services.

For European organizations, this vulnerability could have severe consequences. Many enterprises and critical infrastructure providers rely on secure router configurations to protect their internal networks. Exploitation could allow attackers to bypass authentication controls, gain unauthorized access to network devices, and manipulate configurations or intercept traffic. This could lead to data breaches, network downtime, or serve as a foothold for lateral movement within corporate or governmental networks. The impact is heightened in sectors such as telecommunications, energy, finance, and government agencies where network integrity and confidentiality are paramount. Additionally, the ability to execute privileged actions without authentication increases the risk of persistent compromise and sabotage. Since no patch is currently available, organizations face a window of exposure that requires immediate compensating controls to mitigate risk.

1. Immediately restrict access to the management interface of KAYSUS KS-WR3600 routers to trusted internal networks only, using firewall rules or VLAN segmentation. 2. Disable remote management features unless absolutely necessary, and if enabled, restrict access via VPN or secure tunnels. 3. Monitor router logs and network traffic for unusual or unauthorized access attempts, especially targeting /cgi-bin/system-tool endpoints. 4. Implement strict session management policies, including session timeouts and user logout enforcement, to minimize the window of active sessions. 5. Where possible, replace affected routers with models from vendors with timely security updates and better session validation mechanisms. 6. Engage with KAYSUS support or vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 7. Conduct regular security audits and penetration tests focusing on network device management interfaces to detect similar flaws. 8. Educate network administrators about the risks of leaving active sessions unattended and encourage prompt logout after configuration changes.