CVE-2025-7072 CRITICAL

CVE-2025-7072: Hardcoded credentials in KAON CG3000T/CG3000CT routers

Vendor Kaon
Product CG3000T
Weakness CWE-798 · Hardcoded credentials
Published January 9, 2026
Last update January 9, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

Key dates

02Disclosure timeline

January 9, 2026 CVE published
January 9, 2026 Record updated