Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-68719

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jan, 2026 | 00:00
Updated At-08 Jan, 2026 | 20:59
Rejected At-
Credits

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jan, 2026 | 00:00
Updated At:08 Jan, 2026 | 20:59
Rejected At:
â–¼CVE Numbering Authority (CNA)

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html
N/A
https://github.com/actuator/cve/tree/main/KAYSUS
N/A
https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68719.txt
N/A
Hyperlink: https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html
Resource: N/A
Hyperlink: https://github.com/actuator/cve/tree/main/KAYSUS
Resource: N/A
Hyperlink: https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68719.txt
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-552CWE-552 Files or Directories Accessible to External Parties
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-552
Description: CWE-552 Files or Directories Accessible to External Parties
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jan, 2026 | 21:15
Updated At:02 Feb, 2026 | 16:28

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
kaysus
kaysus
>>ks-wr3600_firmware>>1.0.5.9.1
cpe:2.3:o:kaysus:ks-wr3600_firmware:1.0.5.9.1:*:*:*:*:*:*:*
kaysus
kaysus
>>ks-wr3600>>-
cpe:2.3:h:kaysus:ks-wr3600:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-552Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-552
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68719.txtcve@mitre.org
Third Party Advisory
https://github.com/actuator/cve/tree/main/KAYSUScve@mitre.org
Exploit
https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.htmlcve@mitre.org
Product
Hyperlink: https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68719.txt
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/actuator/cve/tree/main/KAYSUS
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

55Records found
CVE-2023-43791
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 74.02%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 14:42
Updated-03 Sep, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens

Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced.

Action-Not Available
Vendor-humansignalHumanSignal
Product-label_studiolabel-studio
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-39508
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-0.82% / 73.95%
||
7 Day CHG~0.00%
Published-05 Aug, 2023 | 06:47
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflowairflow
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-39545
Matching Score-4
Assigner-NEC Corporation
ShareView Details
Matching Score-4
Assigner-NEC Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.85%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 05:30
Updated-29 Aug, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Action-Not Available
Vendor-NEC Corporation
Product-expresscluster_x_singleserversafeexpresscluster_xCLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)CLUSTERPRO X (EXPRESSCLUSTER X)
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-39479
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.6||MEDIUM
EPSS-0.57% / 68.01%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:10
Updated-12 Aug, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548.

Action-Not Available
Vendor-softingSoftingsofting
Product-secure_integration_serverSecure Integration Serversecure_integration_server
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-9821
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-41.05% / 97.28%
||
7 Day CHG~0.00%
Published-12 Oct, 2024 | 02:05
Updated-15 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.

Action-Not Available
Vendor-guruteamguruteam
Product-Bot for Telegram on WooCommercebot_for_telegram_on_woocommerce
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found