Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions
Jun 03, 2024
Endpoint Security / Vulnerability
Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized access to the devices and run malicious commands. "This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could've executed commands and modified the settings of millions of modems, accessed any business customer's PII, and gained essentially the same permissions of an ISP support team," security researcher Sam Curry said in a new report published today. Following responsible disclosure on March 4, 2024, the authorization bypass issues were addressed by the U.S. broadband provider within 24 hours. There is no evidence that these shortcomings were exploited in the wild. "I was really surprised by the seemingly unlimited access that ISPs had behind the scenes to customer devices," Curry told The Hacker News via email. "It makes sense in retrospect that an ISP should be able