CVE-2025-7072

Hardcoded credentials in KAON CG3000T/CG3000CT routers

CVSS 9.3 CRITICALEPSS 0.5%CWE-798

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 ene 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

KAON · CG3000T KAON · CG3000TC

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cert.pl/posts/2026/01/CVE-2025-7072/