CVE-2026-24444
Hardcoded Password in SDMC NE6037 Router
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sdmc | ne6037 | 7.1.6.0.25 |
| sdmc | ne6037 | 7.1.6.1.9_b9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24444 is a security vulnerability in SDMC NE6037 cable modem routers running certain firmware versions. It involves a hardcoded password in the router's web management interface recovery endpoints (mgmt.php, npcmd.php). This hardcoded password allows unauthenticated attackers to bypass normal authentication and gain root-level access to the device.
Attackers can submit this hardcoded credential via HTTP to the recovery endpoint, which triggers a backdoor function that enables filtered SSH and Telnet services. This results in unauthenticated remote root access to the underlying system, allowing attackers to fully control the router.
The vulnerability was confirmed by a researcher who exploited the backdoor to enable SSH, retrieve the root password hash, and crack it to obtain the root password. The issue exists even in newer firmware versions, although the root password was changed. The vendor acknowledged the problem and committed to removing the backdoor and assigning unique root passwords per device.
How can this vulnerability impact me?
This vulnerability can have severe impacts because it allows unauthenticated attackers to gain root-level remote access to the affected router devices.
- Attackers can fully control the router, including modifying firewall rules and enabling SSH and Telnet services.
- Such control can lead to interception or manipulation of network traffic, potentially compromising all devices connected to the router.
- Attackers could use the compromised router as a foothold to launch further attacks within the network or to external targets.
- Because the access is unauthenticated and remote, the risk of exploitation is high, especially if the router management interface is exposed to the internet.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized access attempts to the router's recovery endpoints (mgmt.php, npcmd.php) via HTTP requests containing the hardcoded password.
One approach is to monitor HTTP traffic to these endpoints for suspicious requests that include the known hardcoded credential.
Additionally, you can scan the device to see if filtered SSH and Telnet services have been enabled without authorization, as attackers leverage the backdoor to enable these services.
Specific commands are not explicitly provided in the resources, but network administrators might use tools like curl or wget to test access to mgmt.php or npcmd.php endpoints with the suspected hardcoded password.
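The monitoring approach described above can be sketched as a log triage script. This is an added example, not code from the advisory or the vendor: it flags requests to the recovery endpoints from outside a trusted management network, and SSH or Telnet connections to a router after such a request. The log line format, the `find_suspicious` name, the addresses and the trusted subnet are assumptions constructed for illustration; endpoints are matched by file name only because the page does not give their full paths.

```python
import ipaddress
import re

RECOVERY_ENDPOINTS = ("mgmt.php", "npcmd.php")  # endpoint names from the advisory
SHELL_PORTS = {22: "ssh", 23: "telnet"}
# Assumed (constructed) flow-log format: ts src=IP dst=IP dport=N http="METHOD PATH"
LINE = re.compile(
    r'(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) '
    r'dport=(?P<dport>\d+) http="(?P<http>[^"]*)"'
)

def find_suspicious(lines, trusted_nets):
    """Return (timestamp, rule, src, dst) tuples for log lines worth triage."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    touched = set()   # routers whose recovery endpoints were requested earlier
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        src = ipaddress.ip_address(m["src"])
        dst, dport = m["dst"], int(m["dport"])
        # Last path component, query string stripped; "" for non-HTTP flows
        parts = m["http"].split()
        path = parts[1].split("?")[0] if len(parts) >= 2 else ""
        name = path.rsplit("/", 1)[-1].lower()
        if name in RECOVERY_ENDPOINTS:
            touched.add(dst)
            if not any(src in net for net in trusted):
                findings.append((m["ts"], "recovery-endpoint-from-untrusted", m["src"], dst))
        elif dport in SHELL_PORTS and dst in touched:
            rule = SHELL_PORTS[dport] + "-after-recovery-request"
            findings.append((m["ts"], rule, m["src"], dst))
    return findings

# Constructed sample log lines (documentation and private address ranges)
SAMPLE_LOG = [
    '2026-05-28T10:00:01Z src=192.168.100.10 dst=192.168.100.1 dport=80 http="GET /index.php"',
    '2026-05-28T10:02:13Z src=203.0.113.7 dst=192.168.100.1 dport=80 http="POST /mgmt.php"',
    '2026-05-28T10:02:40Z src=203.0.113.7 dst=192.168.100.1 dport=22 http="-"',
    '2026-05-28T10:05:00Z src=192.168.100.10 dst=192.168.100.2 dport=80 http="POST /npcmd.php"',
    '2026-05-28T10:06:00Z src=192.168.100.10 dst=192.168.100.3 dport=23 http="-"',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG, ["192.168.100.0/24"]):
        print(finding)
```

A shell connection following a recovery-endpoint request is reported even when the request came from a trusted address, since that sequence matches the backdoor behaviour described in this entry.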
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's management interface, especially the recovery endpoints (mgmt.php, npcmd.php), by limiting exposure to trusted networks only.
Disable or block HTTP access to these endpoints from untrusted sources to prevent exploitation of the hardcoded password.
Check and disable any unauthorized SSH or Telnet services that may have been enabled via the backdoor.
Contact the device vendor or ISP for firmware updates, as SDMC has acknowledged the issue and committed to removing the backdoor and assigning unique root passwords per device.
Until a patch is applied, consider isolating affected devices from the internet or untrusted networks to reduce risk.