The vulnerability identified as CVE-2025-68718 affects KAYSUS KS-WR1200 routers with firmware version 107. The core issue is the presence of SSH and TELNET services enabled on the LAN interface that use hardcoded root credentials (username: root, password: 12345678). These credentials are embedded in the firmware and cannot be changed or disabled by the device administrator. Importantly, changing the management GUI password does not affect the authentication for SSH or TELNET, meaning that the hardcoded credentials remain the sole access method for these services. Because these services are exposed on the LAN interface, any attacker with access to the local network segment can trivially log in with root privileges, gaining full control over the router. This can lead to unauthorized configuration changes, interception or manipulation of network traffic, and potential pivoting to other internal systems. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information) because the hardcoded credentials expose sensitive access. The CVSS v3.1 score is 5.4 (medium), with the vector indicating attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and low impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No patches or mitigations have been published yet, and no exploits are currently known in the wild. The inability to disable or change these services or credentials severely limits remediation options, increasing the risk in environments where these devices are deployed without strict network segmentation.

For European organizations, this vulnerability presents a moderate risk primarily in internal network environments where KAYSUS KS-WR1200 routers are deployed. An attacker with LAN access—such as a malicious insider, compromised device, or visitor connected to the internal network—can gain root access to the router, potentially allowing interception or manipulation of network traffic, unauthorized configuration changes, and lateral movement within the network. This could lead to data confidentiality breaches and integrity violations, especially in sensitive sectors like finance, healthcare, or critical infrastructure. Although the vulnerability does not directly impact availability, the loss of control over network routing and security policies could indirectly cause service disruptions. The inability to change or disable the hardcoded credentials means that traditional password management policies are ineffective, increasing the risk of persistent compromise. Organizations with poor network segmentation or guest network controls are particularly vulnerable. The medium CVSS score reflects the limited attack vector (LAN adjacent) but significant privilege escalation potential.

1. Immediately identify and inventory all KAYSUS KS-WR1200 routers running firmware version 107 within the network. 2. Segment networks to isolate these routers from general user LAN segments, restricting access to trusted management stations only. 3. Implement strict network access controls (e.g., 802.1X, NAC) to prevent unauthorized devices from connecting to LAN segments where these routers reside. 4. Monitor network traffic for unauthorized SSH or TELNET connections to these routers and set up alerts for suspicious login attempts. 5. Disable TELNET and SSH services at the network level using firewall rules if device-level disabling is impossible. 6. Engage with the vendor for firmware updates or patches; if none are available, consider replacing affected devices with models that do not have hardcoded credentials. 7. Educate internal staff about the risks of connecting unauthorized devices to the LAN and enforce strict physical and logical access controls. 8. Use network intrusion detection/prevention systems (IDS/IPS) to detect exploitation attempts. 9. Regularly audit router configurations and logs for signs of compromise. 10. Prepare incident response plans specific to router compromise scenarios.