EE have released a patch for their BrightBox routers which addresses some of the issues that I disclosed. Whilst the device now takes more care of user credentials and doesn't seem to be exploitable remotely, it remains vulnerable to CSRF. This potentially allows an