Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability, and it took over 17 months for a fix to be rolled out to customers.
The disclosed vulnerability is a DNS rebinding flaw that threat actors could easily exploit if the user had not changed the default admin password. Alternatively, a threat actor could brute-force the credentials.
Successful exploitation would let an attacker compromise the customer’s home network, change the router’s configuration, and potentially pivot to other internal devices.