CVE-2025-7072
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-09

Last updated on: 2026-01-09

Assigner: CERT.PL

Description
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-09
Last Modified
2026-01-09
Generated
2026-06-16
AI Q&A
2026-01-10
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7072
EUVD
EUVD-2026-1746
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
kaon cg3000t to 1.00.27 (exc)
kaon cg3000tc to 1.00.67 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the firmware of KAON CG3000T and CG3000TC routers, where hard-coded authentication credentials are stored in clear text and are the same across all devices of these models. An unauthenticated remote attacker can use these credentials to execute commands with root privileges on the affected routers. [1]

Impact Analysis

If your KAON CG3000T or CG3000TC router is running vulnerable firmware versions, an attacker could remotely gain root access to your device without authentication. This could lead to full control over the router, allowing the attacker to manipulate network traffic, compromise connected devices, or disrupt your network services. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update the firmware of your KAON CG3000T routers to version 1.00.27 or later, and the CG3000TC routers to version 1.00.67 or later. These firmware versions contain fixes that remove the hard-coded credentials vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart