VYPR
Critical severity9.8NVD Advisory· Published May 28, 2026· Updated Jun 1, 2026

CVE-2026-24444

CVE-2026-24444

Description

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • SDMC/NE6037llm-fuzzy
    Range: = 7.1.6.0.25, = 7.1.6.1.9_B9

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.