Calix Devices Vulnerable to Pre-Auth RCE on Port 6998, Root Access Possible

A severe security flaw enabling unauthenticated remote code execution (RCE) with root privileges has been uncovered in select Calix networking devices, raising alarms for organizations using legacy hardware.

The vulnerability resides in the service listening on TCP port 6998 and impacts end-of-life (EOL) devices running vulnerable CWMP services.

Vulnerability Overview

The issue stems from improper input sanitization in the TR-069 protocol (CWMP) service, which handles remote device management.

Attackers can exploit this by sending malicious commands enclosed in backticks (`) or using $() substitution syntax, allowing arbitrary system command execution.

Independent researcher John Doe, collaborating with SSD Secure Disclosure, identified the flaw. “Exploitation is trivial,” Doe noted.

“Attackers can gain root access without credentials by sending a single crafted payload to port 6998.”

Affected Devices

  • Calix 812Gv2, 813Gv2, and 813Gv2-2
  • 5VT Series (third-party devices under Calix branding)
  • Unspecified rebranded hardware (no public list available)

Notably, Calix’s newer Gigacenter lineup remains unaffected, as its CWMP service is not locally accessible.

Calix confirmed the vulnerability impacts only EOL devices and rebranded third-party hardware. In a statement, the company said:

“We’ve concluded analysis and confirmed supported Gigacenter devices are not at risk. For legacy systems, we’ll issue an advisory urging customers to retire or isolate affected devices immediately.”

  1. Isolate devices listening on port 6998.
  2. Update firmware if patches become available (limited due to EOL status).
  3. Replace EOL hardware with supported models.

Technical Analysis

During port scans, researchers observed port 6998 responding to connections with a cwmp.0001> prompt. Testing revealed:

  • Commands like $(id) returned uid=0(root), confirming root access.
  • Exploitation requires no authentication, enabling attacks from adjacent networks.

The vulnerability poses severe risks, including lateral movement, data theft, and persistent backdoor installation.

This flaw highlights risks in maintaining deprecated IoT and networking hardware. “Enterprises often overlook EOL device risks,” said Jane Smith, CISO at SecureNet. “This is a wake-up call to audit infrastructure and enforce lifecycle policies.”

With no patches expected for unsupported devices, organizations must prioritize decommissioning vulnerable systems. Cybersecurity experts urge network operators to:

  • Conduct port scans for 6998 exposures.
  • Segment legacy devices from critical networks.
  • Monitor for unusual activity in affected environments.
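
As an added example (not code from the article, Calix, or SSD Secure Disclosure), the port-6998 exposure check recommended above can be run as a read-only audit of your own device inventory: it connects, sends nothing, and flags hosts whose first bytes match the cwmp.0001> prompt described under Technical Analysis. The digit pattern in the regular expression, the verdict names, the timeout and the script name are assumptions.

```python
import re
import socket
import sys

CWMP_PORT = 6998  # port named in the article
# Prompt shape reported in the article ("cwmp.0001>"); allowing any digit
# run after "cwmp." is an assumption.
PROMPT_RE = re.compile(rb"cwmp\.\d+>")

def classify_banner(banner: bytes) -> str:
    """Turn the first bytes a service sent into an audit verdict."""
    if PROMPT_RE.search(banner):
        return "cwmp-prompt"  # isolate or retire this device
    return "open-other" if banner else "open-silent"

def read_banner(sock: socket.socket, limit: int = 256) -> bytes:
    """Read what the peer sends unprompted; nothing is ever written."""
    data = b""
    try:
        while len(data) < limit:
            chunk = sock.recv(limit - len(data))
            if not chunk:
                break
            data += chunk
            if PROMPT_RE.search(data):
                break
    except OSError:  # timeout or reset: keep what arrived so far
        pass
    return data

def check_host(host: str, port: int = CWMP_PORT, timeout: float = 3.0) -> str:
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return classify_banner(read_banner(sock))
    except OSError:
        return "closed-or-filtered"

def audit(hosts, port: int = CWMP_PORT, timeout: float = 3.0) -> dict:
    """Map each inventory address to its verdict."""
    return {h: check_host(h, port, timeout) for h in hosts}

if __name__ == "__main__":
    # Usage: python audit_6998.py 192.0.2.10 192.0.2.11 (constructed addresses)
    for host, verdict in audit(sys.argv[1:]).items():
        print(f"{host}\t{verdict}")
```

Any host reported as cwmp-prompt belongs on the isolate-or-replace list; open-other and open-silent results on 6998 still merit a manual look.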

Calix has not disclosed a timeline for its advisory release. For now, proactive mitigation remains the sole defense against potential exploits.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
