CVE-2026-24934

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

CVE-2024-6199 Unauthenticated Remote Code Execution

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem...

Black Hat: Novel DNS Hack Spills Confidential Corp Data

LAS VEGAS – Amazon and Google patched a domain name service DNS bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...