Several faults in Cox broadband modems may have affected millions of gadgets

AndyC 4 June 2024

Several faults in Cox broadband modems may have affected millions of gadgets

Multiple flaws in Cox modems could have impacted millions of devices

Several faults in Cox broadband modems may have affected millions of gadgets

Pierluigi Paganini
June 04, 2024

An expert uncovered various security loophole in Cox broadband modems which might have affected countless devices.

Sam Curry, a cybersecurity researcher, detected multiple problems in Cox broadband modems that could have been used to alter the settings of the insecure modem and execute harmful instructions on them.

Cox stands as the biggest private broadband issuer in the United States, the third-biggest cable TV provider, and the seventh-biggest phone provider in the nation with millions of clients.

“This series of vulnerabilities showed a method through which an external attacker without any prerequisites could have performed commands, altered millions of modems’ configurations, accessed any enterprise customer’s PII, and acquired practically the same authorizations as an ISP support team.” posted Curry.

Curry explained a theoretical assault situation where a malevolent actor could leverage exposed APIs to target Cox corporate clients.

The assault includes hunting for a precise target by using identifiable details like name, phone number, email, or account number. Once a match is identified, the attacker uses the returned UUID to search the API for the complete PII of the target, including device MAC addresses, email, phone number, and physical location. With the hardware MAC address, the malevolent actor can obtain the WiFi passcode and a list of connected gadgets, enabling them to perform arbitrary commands, modify device attributes, and eventually seize control of the victim’s account. This jeopardizes the security of the target’s network and poses a risk to their personal and business data.

Cox broadband modems

The flaws were reported by the researchers on March 4, 2024, through the company’s responsible disclosure initiative. Cox resolved the issues within a day.

The company also probed whether the vulnerabilities had ever been leveraged in real-world assaults, however, they found no proof of prior exploitation.

“They had also informed me that they had no affiliation with the DigitalOcean IP address, meaning that the device had definitely been hacked, just not using the method disclosed in this blog post.” appended Curry.

Pierluigi Paganini

Connect on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Cox broadband modems)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , ,

More Stories

Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

AndyC 18 December 2025
Memory efficiency: Apple’s new competitive advantage

GNV ferry fantastic under cyberattack probe amid remote hijack fears

AndyC 18 December 2025
Askul data breach exposed over 700,000 records after ransomware attack

Askul data breach exposed over 700,000 records after ransomware attack

AndyC 18 December 2025
Russian state hackers targeted Western critical infrastructure for years, Amazon says

Russian state hackers targeted Western critical infrastructure for years, Amazon says

AndyC 18 December 2025
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

AndyC 18 December 2025
Security by Design: Why Multi-Factor Authentication Matters More Than Ever

Surveillance at sea: Cruise firm bans smart glasses to curb covert recording

AndyC 18 December 2025

You may have missed

Security by Design: Why Multi-Factor Authentication Matters More Than Ever

Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni

AndyC 18 December 2025
Security by Design: Why Multi-Factor Authentication Matters More Than Ever

Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return

AndyC 18 December 2025
Security by Design: Why Multi-Factor Authentication Matters More Than Ever

When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk

AndyC 18 December 2025
Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation

AndyC 18 December 2025
Memory efficiency: Apple’s new competitive advantage

GNV ferry fantastic under cyberattack probe amid remote hijack fears

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.