CVE-2025-51381
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-06-18
Assigner: JPCERT/CC
Description
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker on the same local network to bypass authentication and gain unauthorized access to the KAON KCM3100 device. This can lead to full compromise of confidentiality, integrity, and availability of the device and potentially the network it serves. [1]
Can you explain this vulnerability to me?
CVE-2025-51381 is an authentication bypass vulnerability in the KAON KCM3100 Wi-Fi enabled gateway, specifically versions 1.4.2 and earlier. An attacker within the same LAN can exploit an alternate path or channel to bypass the device's authentication, gaining unauthorized access without needing valid credentials. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the KAON KCM3100 device firmware to version 1.4.8 or later, as provided by the vendor JCOM Co., Ltd. This update enhances the modem's security features and addresses the authentication bypass vulnerability. The update is applied automatically after the modem is restarted once, and the internet service remains uninterrupted during the process. [1, 2]