CVE-2025-7072: CWE-798 Use of Hard-coded Credentials in KAON CG3000T
The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware versions 1.00.67 for CG3000TC and 1.00.27 for CG3000T.
AI Analysis
Technical Summary
CVE-2025-7072 is a high-severity vulnerability identified in the KAON CG3000TC and CG3000T router models. The root cause is the presence of hard-coded credentials embedded within the router firmware in clear text. These credentials are uniform across all devices of the affected models, enabling an unauthenticated remote attacker to leverage them to execute arbitrary commands with root privileges. The vulnerability does not require any authentication or user interaction, making it trivially exploitable remotely over the network. The impact is severe, as attackers gaining root access can manipulate router configurations, intercept or redirect traffic, deploy malware, or create persistent backdoors. The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials), a common and dangerous security flaw. The vendor has addressed this issue in firmware versions 1.00.67 for CG3000TC and 1.00.27 for CG3000T. No known exploits have been reported in the wild yet, but the critical CVSS 4.0 score of 9.3 reflects the high risk posed by this vulnerability. The vulnerability was reserved in July 2025 and published in January 2026 by CERT-PL, indicating active tracking and disclosure by security authorities.
Potential Impact
For European organizations, the exploitation of this vulnerability could lead to complete compromise of affected routers, which are often used as gateways in enterprise and residential networks. Attackers with root access can intercept sensitive data, disrupt network availability, and pivot to internal systems, potentially leading to data breaches, espionage, or ransomware deployment. Critical infrastructure sectors such as energy, finance, healthcare, and government agencies relying on KAON CG3000T routers are particularly vulnerable. The uniformity of the hard-coded credentials increases the risk of widespread attacks once exploit code becomes available. Additionally, compromised routers can be used as launchpads for broader attacks on European networks, undermining trust in network security and causing operational disruptions.
Mitigation Recommendations
Organizations should immediately verify if KAON CG3000TC or CG3000T routers are deployed within their networks and identify firmware versions in use. The primary mitigation is to upgrade affected devices to firmware versions 1.00.67 (CG3000TC) or 1.00.27 (CG3000T) or later, which remove the hard-coded credentials. Where immediate patching is not feasible, network segmentation should be implemented to isolate vulnerable routers from critical systems and restrict remote management access. Deploy network intrusion detection systems (NIDS) to monitor for unusual command execution or unauthorized access attempts. Change default management ports and disable remote administration if not required. Additionally, organizations should audit router configurations regularly and consider replacing devices that cannot be patched promptly. Vendor communication channels should be monitored for any updates or additional patches.
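As an added example (not part of this advisory or of any vendor tooling), a small Python triage helper that checks a device inventory against the fixed firmware versions stated above. The inventory records and hostnames are constructed for illustration; versions are compared numerically rather than as strings, so that 1.00.100 correctly ranks above 1.00.67 and an unparseable version is flagged for manual verification rather than silently skipped.

```python
"""Flag KAON CG3000TC / CG3000T devices still on firmware affected by CVE-2025-7072."""
from typing import Dict, List, Optional, Tuple

# Fixed firmware versions per model, as stated in the CVE description.
FIXED_VERSIONS: Dict[str, str] = {
    "CG3000TC": "1.00.67",
    "CG3000T": "1.00.27",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.00.67' into (1, 0, 67) so comparisons are numeric; a plain
    string compare would wrongly rank '1.00.100' below '1.00.67'."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model: str, firmware: str) -> Optional[bool]:
    """True if an affected model runs firmware below the fixed version,
    False if it is at or above it, None if the model is not covered."""
    fixed = FIXED_VERSIONS.get(model.strip().upper())
    if fixed is None:
        return None
    return parse_version(firmware) < parse_version(fixed)


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory records that still need the firmware upgrade."""
    needs_upgrade = []
    for dev in inventory:
        try:
            vuln = is_vulnerable(dev["model"], dev["firmware"])
        except ValueError:
            vuln = True  # version could not be verified: flag for a manual check
        if vuln:
            needs_upgrade.append(dev)
    return needs_upgrade


# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE_INVENTORY = [
    {"host": "gw-01", "model": "CG3000TC", "firmware": "1.00.66"},
    {"host": "gw-02", "model": "CG3000TC", "firmware": "1.00.67"},
    {"host": "gw-03", "model": "CG3000T", "firmware": "1.00.27"},
    {"host": "gw-04", "model": "CG3000T", "firmware": "1.00.9"},
    {"host": "gw-05", "model": "CG3000T", "firmware": "1.00.100"},
    {"host": "sw-01", "model": "OTHER-SWITCH", "firmware": "2.1"},
]

if __name__ == "__main__":
    for dev in triage(SAMPLE_INVENTORY):
        print(f"{dev['host']}: {dev['model']} {dev['firmware']} needs upgrade")
```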
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-07-04T14:57:43.494Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6960e8e3a48af7d8cea1877c
Added to database: 1/9/2026, 11:39:15 AM
Last enriched: 1/9/2026, 11:53:47 AM
Last updated: 1/10/2026, 2:15:01 AM