
Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems.

Telecoms giant Cox Communications recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems used by the company’s customers, according to a researcher.

The vulnerabilities were discovered and responsibly reported to Cox in early March by Sam Curry, a reputable researcher who previously uncovered serious security flaws in products from Apple, an airline and hotel rewards platform, and vehicles from over a dozen car makers.

Curry started looking into the security of Cox modems in 2021, after his home modem was hacked. At the time, the telecoms firm replaced his compromised device with a new one before he was able to conduct a detailed analysis, but he took a closer look at Cox modems and systems in early 2024. 

His recent analysis led to the discovery of an API for which authorization could be bypassed, potentially enabling an unauthenticated attacker to gain the same privileges as Cox’s tech support team. Specifically, an attacker could abuse this API to overwrite configuration settings, access the router, and execute commands on the device. 

“This series of vulnerabilities demonstrated a way in which a fully external attacker with no prerequisites could’ve executed commands and modified the settings of millions of modems, accessed any business customer’s PII, and gained essentially the same permissions of an ISP support team,” the researcher explained in a blog post detailing his work.

In a theoretical attack scenario described by Curry, an attacker could have searched for a targeted Cox business user through the exposed API using the target’s name, email address, phone number, or account number. 

The attacker could then obtain additional information from the targeted user’s account, including their Wi-Fi password, and go on to execute arbitrary commands, update device settings, or take over accounts.

Cox was informed about the vulnerabilities on March 4 and took action to prevent exploitation by the next day. The company also told Curry that it was conducting a comprehensive security review following his report. 

The vendor told the researcher that it had found no evidence of the vulnerability being exploited in the wild for malicious purposes.  

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

