Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2026-24444: SDMC NE6037 cable modem routers: hardcoded password in web interface
CVE-2026-24444
Summary
Some SDMC cable modem routers have a security flaw that allows unauthorized access to the device. This means an attacker could gain complete control over the device from anywhere on the internet. Users with affected devices should check for updates and change their passwords to protect their devices.
Original title
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that...
Original description
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 28 May 2026 · Updated: 30 May 2026 · First seen: 28 May 2026