Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways
Do Son 
A critical vulnerability has been disclosed in KAON’s KCM3100 Wi-Fi gateway devices that could allow attackers to bypass authentication controls from within a local network. Tracked as CVE-2025-51381 and carrying a CVSS score of 9.8, the flaw poses a serious risk to users of the affected hardware.
The KAON KCM3100 is a consumer-grade Wi-Fi-enabled gateway widely deployed in home and small office networks. Researchers identified that versions 1.4.2 and earlier contain an authentication bypass vulnerability due to improper handling of alternate access paths.
According to the advisory, the flaw is described as an “authentication bypass using an alternate path or channel vulnerability,” which effectively allows local attackers to gain unauthorized access to administrative functionality without valid credentials.
While exploitation of this vulnerability requires LAN access, attackers with a foothold on the local network—such as through malware, physical access, or compromised devices—could gain full control over the gateway.
This could lead to:
- Unauthorized configuration changes
- Network traffic interception or rerouting
- Persistent malware installation
- Complete takeover of internal network operations
“An attacker may bypass the authentication of the product from within the LAN to which the product is connected,” the advisory states.
The vendor has released firmware version 1.4.8 to address this issue. Users are strongly advised to update immediately.
Related Posts:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
