CVE-2026-24444: Use of Hard-coded Credentials in SDMC Technology Co., Ltd NE6037
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
AI Analysis
Technical Summary
The NE6037 cable modem routers from SDMC Technology Co., Ltd running specific firmware versions contain hardcoded credentials in recovery endpoints (mgmt.php, npcmd.php) of the web management interface. An attacker can use these credentials without authentication to gain root access remotely. This access allows enabling filtered SSH and Telnet services, providing full control over the device. The vulnerability is remotely exploitable over the network without user interaction and requires no privileges. The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability. No vendor advisory or patch information is currently available, and the device is not a cloud service, so remediation depends on vendor action or user mitigation.
Potential Impact
Successful exploitation results in unauthenticated remote root-level access to the affected NE6037 devices. Attackers can enable SSH and Telnet services, potentially leading to full compromise of the device and its network environment. This can severely impact device confidentiality, integrity, and availability. There are no known exploits in the wild currently, but the vulnerability is rated critical with a CVSS score of 9.3.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting network access to the device's management interface and monitor for any unusual activity. Avoid exposing the device management interface to untrusted networks. Follow vendor communications closely for updates on patches or official mitigations.
CVE-2026-24444: Use of Hard-coded Credentials in SDMC Technology Co., Ltd NE6037
Description
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
CVSS v4.0
Score 9.3critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The NE6037 cable modem routers from SDMC Technology Co., Ltd running specific firmware versions contain hardcoded credentials in recovery endpoints (mgmt.php, npcmd.php) of the web management interface. An attacker can use these credentials without authentication to gain root access remotely. This access allows enabling filtered SSH and Telnet services, providing full control over the device. The vulnerability is remotely exploitable over the network without user interaction and requires no privileges. The CVSS 4.0 vector indicates high impact on confidentiality, integrity, and availability. No vendor advisory or patch information is currently available, and the device is not a cloud service, so remediation depends on vendor action or user mitigation.
Potential Impact
Successful exploitation results in unauthenticated remote root-level access to the affected NE6037 devices. Attackers can enable SSH and Telnet services, potentially leading to full compromise of the device and its network environment. This can severely impact device confidentiality, integrity, and availability. There are no known exploits in the wild currently, but the vulnerability is rated critical with a CVSS score of 9.3.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting network access to the device's management interface and monitor for any unusual activity. Avoid exposing the device management interface to untrusted networks. Follow vendor communications closely for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-22T20:23:19.804Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1871e7e29bf47b501244bb
Added to database: 5/28/2026, 4:48:39 PM
Last enriched: 5/28/2026, 5:05:52 PM
Last updated: 5/29/2026, 5:29:43 PM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.