
Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems. The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek.


Telecoms giant Cox Communications recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems used by the company’s customers, according to a researcher.

The vulnerabilities were discovered and responsibly reported to Cox in early March by Sam Curry, a reputable researcher who previously uncovered serious security flaws in products from Apple, airline and hotel rewards platform Points.com, and vehicles from over a dozen car makers.

Curry started looking into the security of Cox modems in 2021, after his home modem was hacked. At the time, the telecoms firm replaced his compromised device with a new one before he was able to conduct a detailed analysis, but he took a closer look at Cox modems and systems in early 2024. 

His recent analysis led to the discovery of an API for which authorization could be bypassed, potentially enabling an unauthenticated attacker to gain the same privileges as Cox’s tech support team. Specifically, an attacker could abuse this API to overwrite configuration settings, access the router, and execute commands on the device. 

“This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could’ve executed commands and modified the settings of millions of modems, accessed any business customer’s PII, and gained essentially the same permissions of an ISP support team,” the researcher explained in a blog post detailing his work.

In a theoretical attack scenario described by Curry, an attacker could have searched for a targeted Cox business user through the exposed API using the target’s name, email address, phone number, or account number. 

The attacker could then obtain additional information from the targeted user’s account, obtain their Wi-Fi password, and execute arbitrary commands, update device settings, or take over accounts.

Cox was informed about the vulnerabilities on March 4 and took action to prevent exploitation by the next day. The company also told Curry that it was conducting a comprehensive security review following his report. 

The vendor told the researcher that it had found no evidence of the vulnerability being exploited in the wild for malicious purposes.  
