O2 has fixed a potential security problem with a router used by its broadband customers.
Paul Mutton, a British security researcher, said there was a serious vulnerability in a customised ASDL router - the O2 Wireless Box III.
There was a design flaw which allowed attackers to perform cross-site forgery attacks, allowing them to view and change settings on the modem.
He said that the flaw could allow a remote attacker to steal the router's wireless encryption key, even if WPA2 was enabled.
It could also list all the internal IP addresses used on the user's network and forward external ports to the IP addresses, which would allow remote access to potential hackers.
Mutton warned that other internet service providers (ISPs) could be using similar routers, which would mean that millions of broadband users could be vulnerable.
O2 has now fixed the problem for its customers. A spokesperson said: "Having been notified of a potential security issue with our O2 wireless box we have been working to find a solution.
"We have taken this issue very seriously and have been continuing to investigating it with the router's manufacturer, Thomson.
"As a result we have identified a solution and we will be applying this remotely to all of our customers O2 wireless boxes. This means that customers will not have to take any action themselves."
