British Telecom has released a firmware upgrade for their Wi-Fi extender. Investigation by Pen Test Partners uncovered vulnerabilities in the firmware. Could be XSS (Cross Site Scripting) Exploits as well as the ability to change the users password without notification. BT was quick to offer an upgrade, available here, which resolves the issues. Customers should ensure they download the firmware update from the BT website. The telecommunications giant are not aware of any cases where customers have suffered any issues.”]
Source: https://securityaffairs.co/wordpress/51547/breaking-news/bt-wi-fi-extenders-xss.html