KAYSUS KS-WR3600 Router Configuration Management Vulnerability Allowing Unauthorized Access to Sensitive Files

Vulnerability

A vulnerability exists in KAYSUS KS-WR3600 routers running firmware 1.0.5.9.1: the device improperly manages configuration backups. An attacker who holds an authenticated session can download a full configuration archive containing sensitive information, such as the password hashes in /etc/shadow. The vulnerability could lead to a complete compromise of the device.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive system files, including password hashes, which could be used to gain full control over the affected router.

Reproduction

To reproduce this vulnerability, log into a KAYSUS KS-WR3600 router with firmware 1.0.5.9.1. Once logged in, an attacker can request the backup endpoint without needing additional authentication. The router will respond with a configuration archive that includes sensitive files such as /etc/shadow.
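As an added defender-side check, not part of this advisory or the vendor's firmware, the script below scans an exported configuration backup for files that should never leave the device, such as /etc/shadow, and reports which accounts would have a usable password hash exposed. It assumes the backup is a tar archive (the advisory only says "archive"); the sample archive and its hash value are constructed placeholders built inline.

```python
import io
import tarfile

# Files that must never appear in a user-downloadable configuration backup.
SENSITIVE_PATHS = {"etc/shadow", "etc/shadow-", "etc/passwd"}


def accounts_with_hashes(shadow_text):
    """Return account names whose password field holds a real hash
    (a field of '', '*', '!' or '!!' means no usable hash)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] not in ("", "*", "!", "!!"):
            names.append(fields[0])
    return names


def audit_backup(archive_bytes):
    """Map each sensitive path found in the archive to the accounts
    whose hashes it exposes (empty list for non-shadow files)."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name.lstrip("./")  # normalise ./etc/x and /etc/x
            if not member.isfile() or name not in SENSITIVE_PATHS:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            is_shadow = name.startswith("etc/shadow")
            findings[name] = accounts_with_hashes(text) if is_shadow else []
    return findings


def build_sample_backup():
    """Constructed sample archive (assumed tar format): one benign config
    file plus a shadow file with a placeholder, not real, crypt hash."""
    files = {
        "etc/config/network": "config interface 'lan'\n\toption proto 'static'\n",
        "etc/shadow": "root:$6$PLACEHOLDER$notarealhash:19000:0:99999:7:::\n"
                      "nobody:*:0:0:99999:7:::\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content.encode())
            tar.addfile(info, io.BytesIO(content.encode()))
    return buf.getvalue()
```

Running audit_backup on a real export (read the downloaded file as bytes) gives an empty dict for a clean backup; on the constructed sample it flags etc/shadow with a usable hash for root while the "nobody" account, whose field is "*", is not reported.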

Added: Jan 8, 2026, 9:20 PM
Updated: Jan 8, 2026, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.7
remediation: 0.0
relevance: 1.8
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.