CVE-2025-68716
Default-Enabled SSH with Root No-Password on KAYSUS KS-WR

Publication date: 2026-01-08

Last updated on: 2026-02-02

Assigner: MITRE

Description
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to trivially gain root shell access and execute arbitrary commands with full privileges.
Meta Information
Published: 2026-01-08
Last Modified: 2026-02-02
Generated: 2026-06-16
AI Q&A: 2026-01-08
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor | Product | Version / Range
kaysus | ks-wr3600 | 1.0.5.9.1
kaysus | ks-wr3600_firmware | 1.0.5.9.1
CWE ID | Description
CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-521 | The product does not require that users should have strong passwords.
CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

The vulnerability exists in KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1, where the SSH service is enabled by default on the LAN interface. The root account has no password set, and administrators cannot disable SSH or enforce authentication through the CLI or web GUI. This allows any attacker with LAN access to easily gain root shell access and execute arbitrary commands with full privileges.

Impact Analysis

This vulnerability allows an attacker on the local network to gain root-level access to the router without any authentication. With full root privileges, the attacker can execute arbitrary commands, potentially compromising the entire network, intercepting or modifying traffic, disrupting services, or using the router as a foothold for further attacks.

Detection Guidance

You can detect this vulnerability by checking whether the KAYSUS KS-WR3600 router is running firmware version 1.0.5.9.1 and whether the SSH service is enabled on the LAN interface. Since the root account has no password and SSH cannot be disabled or secured, you can attempt to connect via SSH from the LAN side using a command like 'ssh root@<router_ip>'. A login that succeeds without a password prompt indicates the vulnerability.
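
The SSH login check described above can be scripted so that it never opens an interactive root shell. This is an added example, not part of the advisory or vendor code; it assumes an OpenSSH client on a LAN host, and the function names and verdict strings are illustrative.

```sh
#!/bin/sh
# Added example, not vendor or advisory code. Run only against a router you administer.

# Read OpenSSH client `ssh -v` output on stdin and print one verdict.
classify_ssh_log() {
    awk '
        # Server accepted the "none" method: root got in with no credential.
        /Authentication succeeded \(none\)|Authenticated to .* using "none"/ { v = "VULNERABLE" }
        # Server listed real methods instead: authentication is enforced.
        /Authentications that can continue:|Permission denied/ { if (v == "") v = "AUTH_REQUIRED" }
        # Client and device share no algorithms: the probe proved nothing.
        /Unable to negotiate|no matching/ { if (v == "") v = "NEGOTIATION_FAILED" }
        /Connection refused|timed out|No route to host/ { if (v == "") v = "SSH_UNREACHABLE" }
        END { print (v == "" ? "INCONCLUSIVE" : v) }
    '
}

# $1 = LAN address of the router. Only the "none" method is offered, so no
# password or key is sent, and the remote command is just `true`.
probe_router() {
    ssh -v -o BatchMode=yes -o PreferredAuthentications=none \
        -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
        -o ConnectTimeout=5 "root@$1" true 2>&1 </dev/null | classify_ssh_log
}

# Constructed sample logs (192.0.2.1 is a documentation address).
SAMPLE_OPEN='debug1: Connecting to 192.0.2.1 [192.0.2.1] port 22.
debug1: Authenticated to 192.0.2.1 ([192.0.2.1]:22) using "none".'
SAMPLE_LOCKED='debug1: Authentications that can continue: publickey,password
root@192.0.2.1: Permission denied (publickey,password).'

if [ "$#" -gt 0 ]; then
    probe_router "$1"
else
    printf '%s\n' "$SAMPLE_OPEN" | classify_ssh_log     # VULNERABLE
    printf '%s\n' "$SAMPLE_LOCKED" | classify_ssh_log   # AUTH_REQUIRED
fi
```

Run with the router's LAN address as the only argument; with no argument it classifies the constructed samples. A NEGOTIATION_FAILED verdict means the client and device could not agree on algorithms, so it says nothing about whether authentication is enforced.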

Mitigation Strategies

Immediate mitigation steps include isolating the affected router from untrusted LAN networks to prevent unauthorized SSH access, and if possible, replacing the device or firmware with a secure version. Since the SSH service cannot be disabled or secured via CLI or web GUI, network-level controls such as firewall rules blocking SSH access to the router from LAN devices should be implemented.
