KAYSUS KS-WR3600 Authentication Bypass Vulnerability Allowing Privilege Escalation
Vulnerability
An authentication bypass vulnerability has been identified in KAYSUS KS-WR3600 routers running firmware 1.0.5.9.1. This vulnerability occurs during session validation, where the web interface fails to properly enforce authentication checks. Endpoints such as /cgi-bin/system-tool will accept unauthenticated requests with empty or invalid session values, as long as another user is logged in. This flaw allows attackers to exploit an active session to access sensitive configuration data or perform privileged actions without authentication.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive configuration information and the ability to execute privileged actions on the router.
Reproduction
To reproduce this vulnerability, log into a KAYSUS KS-WR3600 router with firmware 1.0.5.9.1. Once logged in, send a request to the /cgi-bin/system-tool endpoint with an empty or invalid session value. The router will process the request, bypassing authentication checks, and allowing access to sensitive functions or data.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.