PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-24444 SDMC Technology Co., Ltd CVE debrief

A critical hardcoded password vulnerability in SDMC NE6037 cable modem routers allows unauthenticated attackers to gain root access through web management recovery endpoints. The vulnerability exists in firmware versions 7.1.6.0.25 and 7.1.6.1.9_B9, where the mgmt.php and npcmd.php endpoints accept a hardcoded credential without authentication. Successful exploitation enables attackers to activate filtered SSH and Telnet services, resulting in unauthenticated root-level remote access to the underlying system. The vulnerability was published to the National Vulnerability Database on May 28, 2026, and is classified under CWE-798 (Use of Hard-coded Credentials). No known exploitation in ransomware campaigns has been documented.

Vendor
SDMC Technology Co., Ltd
Product
NE6037
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-28
Advisory published
2026-05-28
Advisory updated
2026-05-28

Who should care

Telecommunications providers deploying SDMC NE6037 modems to residential and business customers; network security teams managing cable modem infrastructure; SOHO users with ISP-provided SDMC equipment; incident response teams monitoring for router compromise indicators

Technical summary

The SDMC NE6037 cable modem router firmware contains hardcoded credentials in the web-based recovery mechanism. The mgmt.php and npcmd.php endpoints accept a static password value that grants administrative access without requiring prior authentication. Attackers can submit HTTP requests to these endpoints with the hardcoded credential to escalate privileges and subsequently enable restricted remote access services (SSH on port 22, Telnet on port 23) that provide interactive root shell access. The vulnerability is remotely exploitable without user interaction and results in complete system compromise.

Defensive priority

critical

Recommended defensive actions

  • Immediately inventory all SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 or 7.1.6.1.9_B9
  • Contact SDMC Technology or your ISP for patched firmware availability and deployment timeline
  • Restrict network access to web management interfaces (TCP 80/443) at network boundaries until patching is complete
  • Monitor for unauthorized SSH or Telnet service activation on affected devices
  • Implement network segmentation to isolate cable modem management interfaces from untrusted networks
  • Review device logs for suspicious access to mgmt.php or npcmd.php endpoints
  • Consider replacing affected devices if vendor patch timeline is unacceptable for risk tolerance

Evidence notes

Vulnerability confirmed through official NVD record with references to vendor product page and independent security research disclosure. CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and high impact to confidentiality, integrity, and availability.

Official resources

2026-05-28