Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in firmware of KAON CG3000T/CG3000TC routers
09 January 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2025-7072
Publication date 09 January 2026
Vendor KAON
Product CG3000T and CG3000TC
Vulnerable versions CG3000T: before 1.00.27
CG3000TC: before 1.00.67
Vulnerability type (CWE) Use of Hard-coded Credentials (CWE-798)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in two KAON routers: CG3000T and CG3000CT. The team participated in coordination of its disclosure.

The vulnerability CVE-2025-7072: The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges.

This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T.

Credits

We thank Piotr Ługowski for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.