KAYSUS KS-WR3600 SSH Access Vulnerability Allowing Root Command Execution

Vulnerability

A vulnerability exists in KAYSUS KS-WR3600 routers running firmware 1.0.5.9.1, where the SSH service is enabled by default on the LAN interface. The root account has no password, and neither the command line interface nor the web graphical user interface offers an option to disable SSH or to require authentication. This configuration allows any attacker on the local network to easily gain root access and execute arbitrary commands with full privileges.
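For defenders reviewing a firmware image for the condition described above (a login account with no password), the following is an added example and not code from this advisory or from the vendor. It assumes the root filesystem uses standard Unix passwd/shadow files; the function names and all sample data are constructed for illustration.

```python
# Added example: flag accounts that can log in with an empty password.
# Assumes standard Unix passwd/shadow text; all sample data is constructed.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
admin:x:1000:1000:admin:/home/admin:/bin/ash
nobody:x:65534:65534:nobody:/var:/bin/false
"""
SAMPLE_SHADOW = """\
root::0:0:99999:7:::
daemon:*:0:0:99999:7:::
admin:$6$constructedsalt$constructedhash:19000:0:99999:7:::
nobody::0:0:99999:7:::
"""


def parse_accounts(text):
    """Map account name -> list of colon-separated fields."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            records[fields[0]] = fields
    return records


def empty_password_logins(passwd_text, shadow_text=""):
    """Return accounts with an empty password field and a usable shell."""
    shadow = parse_accounts(shadow_text)
    findings = []
    for name, fields in parse_accounts(passwd_text).items():
        if len(fields) < 7:
            continue  # malformed passwd line, skip
        password, uid, shell = fields[1], fields[2], fields[6]
        if password == "x":
            # "x" defers to shadow; a missing shadow entry cannot authenticate
            entry = shadow.get(name, [])
            password = entry[1] if len(entry) > 1 else "*"
        if password == "" and shell not in NOLOGIN_SHELLS:
            findings.append({"user": name, "uid": int(uid), "shell": shell})
    return findings


if __name__ == "__main__":
    for hit in empty_password_logins(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("empty password, login shell:", hit)
```

An empty password field is only reachable over the network if the SSH daemon also accepts empty passwords, so review the daemon's configuration alongside this result.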

Impact

Exploitation of this vulnerability provides unauthorized root access, allowing execution of arbitrary commands with full privileges on the affected router.

Added: Jan 8, 2026, 9:22 PM
Updated: Jan 8, 2026, 9:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.