Vulnerability Details CVE-2025-68719
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-68719
-
cpe:2.3:h:kaysus:ks-wr3600:-
-
cpe:2.3:o:kaysus:ks-wr3600_firmware:1.0.5.9.1