PT-2026-1956 · Kaon · Kaon Cg3000
Piotr Ługowski · Published 2026-01-09 · Updated 2026-01-09 · CVE-2025-7072
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
KAON CG3000TC versions prior to 1.00.67
KAON CG3000T versions prior to 1.00.27
Description
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text, shared across all routers of these models. An unauthenticated remote attacker could exploit this to execute commands with root privileges.
Recommendations
KAON CG3000TC routers should be updated to firmware version 1.00.67 or later.
KAON CG3000T routers should be updated to firmware version 1.00.27 or later.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related identifiers
Affected products
Kaon Cg3000