Full Report
Use of Hard-coded Credentials vulnerability (CVE-2025-7072) has been found in firmware of KAON routers CG3000T and CG3000TC.
Analysis Summary
# Vulnerability: Hard-coded Credentials in KAON Router Firmware
## CVE Details
- CVE ID: CVE-2025-7072
- CVSS Score: Not specified in the source (Severity is likely High given root access)
- CWE: CWE-798 (Use of Hard-coded Credentials)
## Affected Systems
- Products: KAON CG3000T and CG3000TC routers
- Versions:
  - CG3000T: before 1.00.27
  - CG3000TC: before 1.00.67
- Configurations: Applicable to default/shipped firmware versions prior to the patched releases.
## Vulnerability Description
The firmware for KAON CG3000T and CG3000TC routers contains hard-coded administrative credentials stored in clear text. These credentials are shared across all routers of the same model, allowing an unauthenticated remote attacker to use them to gain control. Successful exploitation leads to the execution of arbitrary commands with root privileges.
## Exploitation
- Status: Not enough information provided to confirm widespread exploitation (Assumed: a PoC likely exists due to clear-text credentials).
- Complexity: Low (A known, hard-coded credential reduces complexity significantly).
- Attack Vector: Network (Implied, as it targets remote access/firmware).
## Impact
- Confidentiality: High (Root access allows viewing all system data).
- Integrity: High (Root access allows modification or complete compromise of system integrity).
- Availability: High (Root access allows for denial of service or device destruction).
## Remediation
### Patches
- **KAON CG3000T:** Upgrade firmware to version **1.00.27** or newer.
- **KAON CG3000TC:** Upgrade firmware to version **1.00.67** or newer.
### Workarounds
No official workarounds were detailed in the provided summary. Immediate patching is the recommended primary defense against this hard-coded credential flaw.
## Detection
- **Indicators of Compromise:** Unauthorized user activity, unusual processes executing as root, or unexplained network configuration changes.
- **Detection Methods and Tools:** Network monitoring for unusual traffic targeting management interfaces, and periodic firmware verification against vendor advisories.
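The firmware verification mentioned above can be automated against a device inventory. The following is an added example, not code from the vendor or the advisory: it compares each device's reported firmware version with the fixed versions listed under Remediation. The CSV layout, host names and status labels are assumptions made for illustration.

```python
import csv
import io

# Fixed firmware versions, taken from the Remediation section of this report.
FIXED = {"CG3000T": (1, 0, 27), "CG3000TC": (1, 0, 67)}

# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,model,firmware
cpe-001,CG3000T,1.00.26
cpe-002,CG3000T,1.00.27
cpe-003,CG3000TC,1.00.66
cpe-004,cg3000tc,1.00.70
cpe-005,CG3000TC,unknown
cpe-006,OTHER-100,2.1.0
"""


def parse_version(text):
    """Turn '1.00.27' into (1, 0, 27); return None if a field is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'vulnerable', 'patched', 'unknown-version' or 'not-in-scope'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-in-scope"  # model is not listed in this report
    version = parse_version(firmware)
    if version is None:
        # An unreadable version needs manual review; never treat it as safe.
        return "unknown-version"
    # Pad to equal length so '1.0' compares as (1, 0, 0).
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if version < fixed else "patched"


def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown-version` should be checked by hand, since a missing or malformed version string says nothing about whether the fixed firmware is installed.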
## References
- Vendor advisories: KAON (no specific advisory link is provided in the summary)
- Relevant links:
  - CVE Record: cve data org/CVERecord?id=CVE-2025-7072
  - CERT Polska CVD Process: cert.pl/en/cvd/