CVE 9.3 CRITICAL

SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php_CVE-2026-24444

May 28, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.

AI Analysis

Hardcoded password vulnerability in the web management interface recovery endpoints

Basic Information

ID CVE-2026-24444

Source VulnCheck

Published May 28, 2026 at 15:32

Affected Product

Vendor SDMC Technology Co., Ltd

Product NE6037

Version 7.1.6.0.25

Affected Versions SDMC Technology Co., Ltd NE6037 7.1.6.0.25
SDMC Technology Co., Ltd NE6037 7.1.6.1.9_B9

CWE Classification

CWE-798

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SDMC Technology Co., Ltd

Product NE6037

Version 7.1.6.0.25, 7.1.6.1.9_B9

References

{
    "lastseen": "",
    "description": "SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the recovery endpoint via HTTP. Attackers can leverage this hardcoded password to enable filtered SSH and Telnet services on the device, resulting in unauthenticated root-level remote access to the underlying system.",
    "published": "2026-05-28T15:32:14.333Z",
    "modified": "2026-05-28T15:32:14.333Z",
    "type": "cve",
    "title": "SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php",
    "source": "VulnCheck",
    "references": "https://www.kr3bz.wtf/posts/sdmc-ne6037-router-recovery-backdoor/\nhttps://en.sdmctech.com/product/DOCSIS_234.html",
    "id": "CVE-2026-24444",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "SDMC Technology Co., Ltd NE6037 7.1.6.0.25\nSDMC Technology Co., Ltd NE6037 7.1.6.1.9_B9",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NE6037",
    "version": "7.1.6.0.25",
    "vendor": "SDMC Technology Co., Ltd",
    "ai_description": "Hardcoded password vulnerability in the web management interface recovery endpoints",
    "ai_severity": "Critical",
    "ai_vendor": "SDMC Technology Co., Ltd",
    "ai_product": "NE6037",
    "ai_version": "7.1.6.0.25, 7.1.6.1.9_B9",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply