Published: 2025/06/18 Last Updated: 2025/06/18
JVN#46288336
KCM3100 vulnerable to authentication bypass using an alternate path or channel
Overview
KCM3100 provided by KAON contains an authentication bypass using an alternate path or channel vulnerability.
Products Affected
- KAON KCM3100 Ver1.4.2 and earlier
Description
KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability.
- Authentication bypass using an alternate path or channel (CWE-288)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
  - CVE-2025-51381
Impact
An attacker may bypass the authentication of the product from within the LAN to which the product is connected.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
JCOM Co., Ltd. | Firmware Update for Enhanced Security of KAON Cable Modem (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Namihiko Matsumura reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
CVE | CVE-2025-51381 |
JVN iPedia | JVNDB-2025-000040 |