CVE-2025-7072

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

CVSS

No CVSS.

References

Link	Resource
https://cert.pl/posts/2026/01/CVE-2025-7072/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El firmware en los routers KAON CG3000TC y CG3000T contiene credenciales codificadas de forma rígida en texto claro (compartidas entre todos los routers de este modelo) que un atacante remoto no autenticado podría usar para ejecutar comandos con privilegios de root. Esta vulnerabilidad ha sido corregida en la versión de firmware: 1.00.67 para CG3000TC y 1.00.27 para CG3000T.

09 Jan 2026, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-09 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-7072

Mitre link : CVE-2025-7072

CVE.ORG link : CVE-2025-7072

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-7072", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-09T12:15:54.020", "references": [{"url": "https://cert.pl/posts/2026/01/CVE-2025-7072/", "source": "cvd@cert.pl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The firmware in KAON CG3000TC\u00a0and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges.\nThis vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and\u00a01.00.27 for\u00a0CG3000T."}, {"lang": "es", "value": "El firmware en los routers KAON CG3000TC y CG3000T contiene credenciales codificadas de forma r\u00edgida en texto claro (compartidas entre todos los routers de este modelo) que un atacante remoto no autenticado podr\u00eda usar para ejecutar comandos con privilegios de root.\nEsta vulnerabilidad ha sido corregida en la versi\u00f3n de firmware: 1.00.67 para CG3000TC y 1.00.27 para CG3000T."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cvd@cert.pl"}