Smart Bus System Flaws Allow Hackers to Track and Control Vehicles Remotely

Security researchers at Trend Micro’s Red Team have revealed over 30 high-severity vulnerabilities affecting consumer and industrial modems—from home ADSL gateways to 4G/5G routers—exposing millions of devices worldwide to remote takeover and data exfiltration.

Many of these devices have reached End-of-Life (EoL) and will not receive vendor patches, leaving users and critical infrastructure at grave risk.

WAN-Side Web and API Authentication Bypasses

In the most widespread case, D-Link’s DSL-6740C series modems suffer multiple pre-authentication flaws (CVE-2024-11067, CVE-2024-11066, CVE-2024-11068) that allow attackers to read system files, execute arbitrary commands, and change root passwords via unauthenticated HTTP requests. For example:

curl 'http://<target>/DELT_file.xgi?set/sys/user:1/password=12345678'

This single GET request resets the root credential to “12345678”, granting persistent administrative control.

Trend Micro’s scan of FOFA data found over 59,000 exposed DSL-6740C units on the public Internet in November 2024, down only slightly to 23,000 by July 2025.

Console and UPnP Command Injection in Industrial Routers

Industrial and in-vehicle routers from Billion/BEC, Zyxel, Nokia, DASAN, and Hitron also contain insecure default settings and command injection vectors.

On BEC’s MXConnect® series, BusyBox command injection (CVE-2024-11983) can be triggered via the CLI prompt:

home.gateway> sys ping `cat /etc/passwd`

UPnP abuse (CVE-2024-11980) on port 5555 permits factory resets and SSID changes without credentials.

Zyxel P-6101C devices running Boa/0.94.13 are subject to an authentication bypass (CVE-2024-11494) that is triggered by issuing HEAD requests to /cgi-bin/status_deviceinfo.asp.

These misconfigurations allow lateral movement within private LTE and SCADA environments, where modems serve as the network edge.

Hidden Backdoors and Firmware Extraction

Researchers demonstrated firmware exfiltration from thttpd-based devices by chaining BusyBox and Netcat.

On D-Link and Zyxel modems, unauthenticated access to config.xgi discloses the device’s MAC address, from which many models directly derive their default LAN/WAN passwords.

A hard-coded decryption key in BEC’s firmware also enabled the extraction of customer Wi-Fi credentials:

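import base64
from Crypto.Cipher import AES

# Hard-coded key found in BEC's firmware
key = b'wfqMVcNqHvTIE3smTERwUiZRw0Ypbjtm'
cipher = AES.new(key, AES.MODE_ECB)
# enc_string: the Base64-encoded encrypted credential, supplied by the caller
plaintext = cipher.decrypt(base64.b64decode(enc_string + '=='))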

Trend Micro warned that these “design failures” persist across sibling products—from D-Link DSL-7740C twins to Hitron CGNF-TWN cable gateways—yet vendors frequently disclaim responsibility, citing EoL status.

With critical infrastructure—including water plants, power grids, and public safety networks—relying on these modems, the absence of vendor patches poses a national security concern.

Experts urge ISPs to retire EoL devices and adopt “Router Freedom” policies that allow subscribers to deploy secure third-party hardware.

Meanwhile, users should treat modems as Tier-0 assets: disable unused services, change default credentials, and run periodic port scans to detect exposed management interfaces.
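To see whether the request patterns named in this article have already reached a device, the following added example (not code from the article or from Trend Micro) scans HTTP request logs for them. It assumes Common Log Format lines from an upstream proxy or HTTP sensor; the rule names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Common Log Format, as written by an upstream proxy or HTTP sensor (assumed).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# (rule name, required method or None, path regex, query regex or None).
# Paths come from the article; the rule names are labels invented here.
RULES = [
    ("dlink-xgi-credential-set", None,
     re.compile(r"/DELT_file\.xgi$", re.I), re.compile(r"^set/sys/user", re.I)),
    ("xgi-config-disclosure", None, re.compile(r"/config\.xgi$", re.I), None),
    ("zyxel-head-deviceinfo", "HEAD",
     re.compile(r"/cgi-bin/status_deviceinfo\.asp$", re.I), None),
]

def scan(lines):
    """Return (source_ip, rule, status, served) for each matching request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line we understand
        src, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        parts = urlsplit(target)
        # Decode percent-encoding so encoded variants hit the same rule.
        path, query = unquote(parts.path), unquote(parts.query)
        for name, need_method, path_re, query_re in RULES:
            if need_method and method != need_method:
                continue
            if not path_re.search(path):
                continue
            if query_re and not query_re.search(query):
                continue
            # served=True means the device answered instead of rejecting it.
            hits.append((src, name, status, status < 400))
    return hits

# Constructed sample lines (documentation address ranges, made-up values).
SAMPLE = [
    '198.51.100.23 - - [14/Jul/2025:03:11:09 +0000] "GET /DELT_file.xgi?set/sys/user:1/password=x HTTP/1.1" 200 41',
    '198.51.100.23 - - [14/Jul/2025:03:11:12 +0000] "GET /config.xgi HTTP/1.1" 403 0',
    '203.0.113.8 - - [14/Jul/2025:04:02:51 +0000] "HEAD /cgi-bin/status_deviceinfo.asp HTTP/1.0" 200 0',
    '192.0.2.5 - - [14/Jul/2025:04:05:00 +0000] "GET /cgi-bin/status_deviceinfo.asp HTTP/1.1" 401 0',
    '192.0.2.5 - - [14/Jul/2025:04:05:02 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with `served` set to True deserves priority: the device answered the request, so its credentials and configuration should be treated as exposed.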


The post Smart Bus System Flaws Allow Hackers to Track and Control Vehicles Remotely appeared first on Cyber Security News.

