Description
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
Published: 2026-05-28
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hard‑coded password in the web management interface recovery endpoints mgmt.php and npcmd.php. The vulnerability is a use of hard‑coded credentials (CWE‑798). Unauthenticated attackers can submit this credential to the recovery endpoint via HTTP to gain root access, then enable SSH and Telnet services, providing full remote control of the device.

Affected Systems

The affected vendors and products are SDMC Technology Co., Ltd’s NE6037 cable modem routers, specifically firmware versions 7.1.6.0.25 and 7.1.6.1.9_B9.

Risk and Exploitability

The CVSS score of 9.3 indicates a high severity vulnerability. EPSS is not available, so exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote over HTTP to the recovery endpoint, with no authentication required. An attacker can submit the hard‑coded credential, receive root access, and subsequently enable or exploit SSH/Telnet services for full system compromise.

Generated by OpenCVE AI on May 28, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from SDMC that removes the hard‑coded password and replaces it with a configurable credential.
  • If a firmware update is unavailable, block remote HTTP access to the recovery endpoints (mgmt.php and npcmd.php) by configuring firewall rules or ACLs.
  • Disable or restrict SSH and Telnet services on the device, and block incoming connections to those ports using the device’s firewall or network segmentation.

Generated by OpenCVE AI on May 28, 2026 at 18:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.
Title SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-28T17:29:24.215Z

Reserved: 2026-01-22T20:23:19.804Z

Link: CVE-2026-24444

cve-icon Vulnrichment

Updated: 2026-05-28T17:29:21.000Z

cve-icon NVD

Status : Received

Published: 2026-05-28T17:16:20.143

Modified: 2026-05-28T17:16:20.143

Link: CVE-2026-24444

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T19:00:16Z

Weaknesses