Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

04-June-24

A critical API authorization-bypass flaw in Cox Communications’ infrastructure exposed millions of business customer devices to potential attacks, allowing threat actors to access sensitive information and execute commands with ISP support team privileges. Discovered by independent researcher Sam Curry, the vulnerability stemmed from errors in the Spring code used to proxy API requests. Curry reported the issue on March 4, and Cox promptly patched it, asserting no history of exploitation.
