A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware.
The vulnerability is reachable over TCP port 6998 and impacts end-of-life (EOL) devices running vulnerable CWMP services.
The issue stems from improper input sanitization in the TR-069 protocol (CWMP) service, which handles remote device management.
Attackers can exploit this by sending malicious commands enclosed in backticks (`) or using $() substitution syntax, allowing arbitrary system command execution.
Independent researcher John Doe, collaborating with SSD Secure Disclosure, identified the flaw. “Exploitation is trivial,” Doe noted.
“Attackers can gain root access without credentials by sending a single crafted payload to port 6998.”
Affected Devices
Notably, Calix’s newer Gigacenter lineup remains unaffected, as its CWMP service is not locally accessible.
Calix confirmed the vulnerability impacts only EOL devices and rebranded third-party hardware. In a statement, the company said:
“We’ve concluded analysis and confirmed supported Gigacenter devices are not at risk. For legacy systems, we’ll issue an advisory urging customers to retire or isolate affected devices immediately.”
During port scans, researchers observed port 6998 responding to connections with a cwmp.0001> prompt. Testing revealed:
The vulnerability poses severe risks, including lateral movement, data theft, and persistent backdoor installation.
This flaw highlights risks in maintaining deprecated IoT and networking hardware. “Enterprises often overlook EOL device risks,” said Jane Smith, CISO at SecureNet. “This is a wake-up call to audit infrastructure and enforce lifecycle policies.”
With no patches expected for unsupported devices, organizations must prioritize decommissioning vulnerable systems. Cybersecurity experts urge network operators to:
Calix has not disclosed a timeline for its advisory release. For now, proactive mitigation remains the sole defense against potential exploits.
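For the infrastructure audit the article calls for, the following is an added example, not code from Calix or the researchers: a passive banner check that an operator can run against their own inventory to find hosts answering on TCP port 6998 with the cwmp.0001> prompt. The sample addresses and banners are constructed, and matching any digits after "cwmp." is an assumption, since the article shows only cwmp.0001>.

```python
import re
import socket

CWMP_PORT = 6998                          # port named in the article
PROMPT_RE = re.compile(rb"cwmp\.\d+>")    # assumption: the counter after "cwmp." may vary

def looks_like_cwmp_prompt(banner: bytes) -> bool:
    """True if bytes volunteered by the service resemble the reported prompt."""
    return PROMPT_RE.search(banner) is not None

def read_banner(host, port=CWMP_PORT, timeout=3.0):
    """Connect, send nothing, return what the service prints; None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                return s.recv(256)
            except socket.timeout:
                return b""                # port open, but no banner offered
    except OSError:
        return None                       # refused, filtered, or reset

def classify(banner):
    """Map a banner (or None) to a finding for the audit report."""
    if banner is None:
        return "closed-or-filtered"
    if looks_like_cwmp_prompt(banner):
        return "exposed-cwmp-shell"       # retire or isolate this device
    return "open-other-service"           # something else listens on 6998

def audit(hosts, reader=read_banner):
    """Return {host: finding}; 'reader' is injectable so the logic runs offline."""
    return {h: classify(reader(h)) for h in hosts}

if __name__ == "__main__":
    # Constructed banners standing in for real devices (documentation addresses).
    sample = {
        "192.0.2.10": b"\r\ncwmp.0001> ",
        "192.0.2.11": None,
        "192.0.2.12": b"SSH-2.0-example\r\n",
    }
    for host, finding in audit(sample, reader=sample.get).items():
        print(f"{host}:{CWMP_PORT} {finding}")
```

To check live devices you administer, call `audit(["<device-address>", ...])` with the default reader; it only reads the banner and sends no data to the service.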