CRITICAL
SDMC Technology Co., Ltd
CVE published 2026-05-28
CVE-2026-24444
A critical hardcoded password vulnerability in SDMC NE6037 cable modem routers allows unauthenticated attackers to gain root access through web management recovery endpoints. The vulnerability exists in firmware versions 7.1.6.0.25 and 7.1.6.1.9_B9, where the mgmt.php and npcmd.php endpoints accept a hardcoded credential without authentication. Successful exploitation enables attackers to activate filtere [truncated]