6 million routers exposed to vulnerability during 17 months
Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability, a DNS rebinding flaw, that took over 17 months to roll out a fix to customers. The disclosed vulnerability could easily be exploit if the user had not changed the default admin password, or a threat actor could brute-force the credentials.
The result of the exploitation would be to compromise the customer’s home network, change the router’s configuration, and potentially pivot to other internal devices. In The Netherlands consumers can choose their own modem and router with all providers starting in 2022.