CVE-2025-7072

Hardcoded credentials in KAON CG3000T/CG3000CT routers

CVSS 9.3 CRITICALEPSS 0.5%CWE-798

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

KAON · CG3000T KAON · CG3000TC

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert.pl/posts/2026/01/CVE-2025-7072/