Millions of modems by U.S. broadband provider Cox could have been hacked through the exploitation of several authentication bypass vulnerabilities that could enable privilege escalation and data exfiltration activities, reports The Hacker News.
Nearly 700 API endpoints are exposed to the now-addressed flaws, which could be leveraged by threat actors to facilitate business account information and MAC address retrieval, as well as modem configuration setting overwriting and command execution, according to a report from cybersecurity researcher Sam Curry, who attributed the issue to router and modem management challenges.
"Building a REST API that can universally talk to likely hundreds of different models of modems and routers is really complicated. If they had seen the need for this originally, they could've built in a better authorization mechanism that wouldn't rely on a single internal protocol having access to so many devices. They have a super hard problem to solve," Curry added.
