The vulnerability identified as CVE-2025-68718 affects KAYSUS KS-WR1200 routers with firmware version 107. These routers expose SSH and TELNET services on the LAN interface that authenticate using hardcoded root credentials (username: root, password: 12345678). The critical flaw is that these credentials cannot be changed by the administrator, nor can the SSH and TELNET services be disabled. Changing the management GUI password does not affect these services, meaning that even if the router’s web interface is secured, the underlying remote access services remain vulnerable. This design flaw allows any attacker with access to the local area network to trivially log in with root privileges, effectively gaining full control over the router. Such access can enable attackers to manipulate network traffic, install persistent malware, or pivot to other internal systems. The vulnerability is particularly severe because it requires no user interaction beyond LAN adjacency and no authentication beyond the hardcoded credentials. No CVSS score has been assigned yet, and no public exploits have been reported, but the risk is high due to the ease of exploitation and the critical nature of root access. The inability to disable or secure these services means that organizations must rely on network-level controls until a firmware patch or vendor mitigation is released.

For European organizations, this vulnerability poses a significant risk to internal network security. Compromise of a router at root level can lead to interception and manipulation of all network traffic passing through the device, including sensitive corporate communications and data. Attackers could establish persistent backdoors, disrupt network availability, or use the compromised router as a launchpad for lateral movement within the network. This is especially concerning for organizations with flat network architectures or insufficient internal segmentation. Critical infrastructure sectors such as energy, finance, healthcare, and government agencies that rely on these routers for network connectivity could face operational disruptions or data breaches. The exposure of hardcoded credentials also undermines trust in network device security and may lead to regulatory compliance issues under GDPR and other European data protection laws if personal data is compromised. The lack of a patch or workaround increases the window of vulnerability, necessitating immediate compensating controls.

Since the vulnerability cannot be remediated by changing passwords or disabling services on the affected routers, European organizations should implement strict network segmentation to isolate these devices from sensitive systems and limit LAN access to trusted personnel only. Deploy network access control (NAC) solutions to restrict which devices can connect to the LAN segments hosting these routers. Monitor network traffic for unusual SSH or TELNET connections and implement intrusion detection/prevention systems (IDS/IPS) tuned to detect unauthorized access attempts. If possible, replace affected routers with models that do not have this vulnerability or that allow secure configuration of remote access services. Engage with the vendor to request firmware updates or patches and stay informed of any security advisories. Additionally, enforce strong endpoint security on all devices connected to the LAN to reduce the risk of an attacker gaining initial access. Document and audit all network devices regularly to identify any unauthorized changes or suspicious activity. Consider deploying network segmentation firewalls or VLANs to further limit exposure.