A critical vulnerability, identified as CVE-2025-31717, exists in multiple modem products from the vendor "In". This flaw allows a remote, unauthenticated attacker to crash the device by sending specially crafted data, resulting in a complete denial of service and loss of connectivity. Due to its high severity and ease of exploitation, immediate remediation is strongly recommended to prevent service disruptions.

The vulnerability is a result of improper input validation within the modem's software stack. A remote attacker can send a specially crafted packet or data stream to an exposed service on the modem. The device's software fails to properly sanitize or handle this malicious input, leading to an unhandled exception or memory error that causes the entire system to crash and reboot, resulting in a Denial of Service (DoS) condition. Exploitation requires no user interaction or authentication, making it possible for any attacker with network access to the device to trigger the vulnerability.

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the significant risk it poses to business operations. Successful exploitation will lead to a complete denial of service, causing an interruption of all network connectivity provided by the modem. The consequences include loss of internet access, disruption of business-critical applications, interruption of VoIP communications, and potential financial losses due to downtime. The ease of remote exploitation without any special privileges means that affected devices are at high risk of being targeted.

Immediate Action: Apply the vendor-supplied security updates to all affected "In" products immediately. Before and after patching, actively monitor for signs of exploitation attempts and review system and network access logs for anomalous activity or unexpected reboots.

Proactive Monitoring: Implement network monitoring to detect and alert on unusual traffic patterns or malformed packets directed at the affected modems. System logs on the devices should be monitored for crash dumps, error messages related to input processing, and unexpected reboot events. Utilize Intrusion Detection and Prevention Systems (IDS/IPS) with updated signatures to identify and block potential exploit traffic.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:

• Restrict access to the modem's management interface and any other exposed services using a firewall, allowing connections only from trusted IP addresses.
• Implement network segmentation to limit the exposure of vulnerable devices to untrusted networks.
• Deploy an upstream firewall or IPS to filter for and block malformed or malicious traffic before it reaches the vulnerable modem.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this vulnerability and the potential for significant operational disruption, we recommend that organizations treat this as a high-priority issue. The immediate application of vendor patches is the most effective course of action. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. If patching is delayed, the compensating controls outlined above should be implemented without delay to mitigate the immediate risk of a service-disrupting attack.