PT-2026-1956 · Kaon · Kaon Cg3000
Piotr Ługowski · Published 2026-01-09 · Updated 2026-01-09 · CVE-2025-7072
CVSS v4.0: 9.3 Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
KAON CG3000TC versions prior to 1.00.67
KAON CG3000T versions prior to 1.00.27
Description
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text, shared across all routers of these models. An unauthenticated remote attacker could exploit this to execute commands with root privileges.
Recommendations
KAON CG3000TC routers should be updated to firmware version 1.00.67 or later.
KAON CG3000T routers should be updated to firmware version 1.00.27 or later.
Fix
Using Hardcoded Credentials
Affected Products
Kaon Cg3000