Today the CVE-2014-9222 router vulnerability AKA 'misfortune cookie' has been announced at http://mis.fortunecook.ie/ This is reported to affect many broadband routers all over the world. The web page has further details. We are contacting our suppliers for their take on this, we'll post follow-ups to this status post shortly. It is also worth noting that at the time of writing CVE-2014-9222 is still 'reserved': http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222
Technicolor Routers:- These routers are not (yet?) on the list, we are awaiting a response from Technicolor regarding this. Update: Technicolor say "We don’t use that webserver, so not impacted”"
ZyXEL P-660R-D1: This router is on the list. We are awaiting a response from ZyXEL though. We do already have this page regarding the web interface on ZyXELs: http://wiki.aa.org.uk/Router_-_ZyXEL_P660R-D1#Closing_WAN_HTTP and closing the Web server from the WAN may help with this vulnerability. Update: The version of RomPager (the web server) on ZyXELs that we have been shipping for some time is 4.51. Allegedly versions before 4.34 are vulnerable, so they may not be vulnerable. You can tell the version with either: wget -S IP.of.ZyXEL or curl --head IP.of.ZyXEL Update 2015-01-07: P-660R-D1 Not affected: http://www.zyxel.com/support/ZyXEL_Helps_You_Guard_against_misfortune_cookie_vulnerability.shtml
Dlink 320B: We supply these in Bridge mode and therefore are not vulnerable.
FireBrick: Firebricks are not vulnerable.