The C0XMO botnet is actively exploiting an unconfirmed authentication bypass in DD-WRT router firmware to compromise devices without credentials and enlist them in large-scale DDoS campaigns. No CVE has been assigned and no vendor patch or advisory has been confirmed; the CVSS 8.8 score is editorially assigned based on attack scope. Any organization or individual running DD-WRT with internet-exposed management interfaces or default credentials faces active compromise risk. The primary immediate actions are disabling remote management and changing all default credentials.