A severe remote code execution (RCE) vulnerability affects certain Calix networking devices, allowing attackers to gain complete system control without authentication. The flaw impacts legacy devices running vulnerable CWMP (CPE WAN Management Protocol) services on TCP port 6998.

SSD Secure Disclosure reports that user input containing special characters such as backticks (`) or command substitution syntax ($()) is not properly sanitized, allowing arbitrary system commands to be executed with root privileges. “Exploitation is very easy, just input any shell command you wish to run inside the parentheses,” noted the researcher’s report.

Calix acknowledged the vulnerability, stating: “As the only devices with this vulnerability present appear to be these EOL rebranded systems, we will be closing this issue out.” Notably, Calix’s current-generation GigaCenter devices are confirmed unaffected, as they “do not have a locally accessible CWMP (TR-069) service running,” according to the vendor’s response.

In 2022, researchers documented a different attack where threat actors exploited GigaCenter devices to install SOCKS proxy servers on port 8111, causing service degradation and requiring device reboots to temporarily mitigate.

Network administrators operating Calix infrastructure should immediately audit their deployments for exposed port 6998 services and take appropriate mitigation steps to protect against this trivially exploitable remote code execution vulnerability.
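The audit recommended above, as an added example (not code from the article, SSD Secure Disclosure or Calix): a TCP connect check of your own CPE management addresses for the two ports the article names, 6998 (CWMP) and 8111 (the SOCKS proxy from the 2022 incident). The function names and the inventory addresses are assumptions of this example; the addresses are constructed placeholders from the documentation range.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Ports named in the article and what an open one means for a defender.
WATCH_PORTS = {
    6998: "CWMP (TR-069) service reachable; vulnerable on legacy devices",
    8111: "SOCKS proxy port seen in the 2022 GigaCenter compromises",
}

def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name resolution failure
        return False

def audit(hosts, ports=WATCH_PORTS, probe=tcp_open, workers=32):
    """Probe every host/port pair; return {host: [open ports]} for hosts with findings."""
    pairs = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: probe(*hp), pairs)  # map keeps input order
    findings = {}
    for (host, port), is_open in zip(pairs, results):
        if is_open:
            findings.setdefault(host, []).append(port)
    return findings

def report(findings, labels=WATCH_PORTS):
    """Turn audit() output into sorted, human-readable finding lines."""
    return [
        f"{host}:{port} open - {labels.get(port, 'unexpected listener')}"
        for host in sorted(findings)
        for port in findings[host]
    ]

if __name__ == "__main__":
    # Constructed inventory (TEST-NET-1); replace with your own device management IPs.
    inventory = ["192.0.2.10", "192.0.2.11"]
    lines = report(audit(inventory))
    print("\n".join(lines) if lines else "no watched ports reachable")
```

Run it from the network segments an attacker could reach the devices from (WAN side and subscriber LAN), since a port closed from one vantage point may be open from another.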
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Apr 2025 11:45:13 +0000