"Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking"

Telecoms giant Cox Communications recently announced that it patched a series of vulnerabilities that could have allowed hackers to remotely control millions of modems their customers used.  A security researcher, Sam Curry, discovered the vulnerabilities and responsibly reported them to Cox in early March.  Curry found an API for which authorization could be bypassed, potentially enabling an unauthenticated attacker to gain the same privileges as Cox’s tech support team.  Specifically, an attacker could abuse this API to overwrite configuration settings, access the router, and execute commands on the device. The vendor told Curry that it had found no evidence of the vulnerability being exploited in the wild for malicious purposes.  

 

SecurityWeek reports: "Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking"

Submitted by Adam Ekwall on