Security News > 2024 > June > Cox fixed an API auth bypass exposing millions of modems to attacks
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information.
The attackers could've used this access to exploit any of the millions of Cox devices accessible through the vulnerable Cox APIs, overwriting configuration settings and executing commands on the device.
"There were over 700 exposed APIs with many giving administrative functionality. Each API suffered from the same permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands."
As part of a follow-up security review, Cox also investigated whether this attack vector had ever been exploited before being reported but said it found no evidence of previous abuse attempts.
Widely used modems in industrial IoT devices open to SMS attack.
Check Point releases emergency fix for VPN zero-day exploited in attacks.
News URL
Related news
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)
- Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)