My BT broadband connection is Infinity 1 (FTTC). BT supplied a Homehub 6 router in December 2017, with firmware version SG4B1000B540. I believe BT installed that firmware remotely on 5 April 2018.
I use Avast Free Antivirus on my Windows 10 computer. According to Avast, the BT Homehub 6 router has a Unix operating system with a Broadcom chipset.
When I performed a system scan, Avast reported that this router suffers from the DnsMasq heap buffer overflow vulnerability, so it is at risk from attacks from within my network, described at http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-20... and https://security.googleblog.com/2017/10/behind-masq-...
Avast recommends that to address the vulnerability, I should apply a firmware or system update that contains DnsMasq software version 2.78 or higher, which should be provided by my device's manufacturer.
BT provide firmware updates remotely via their network from time to time, so I have no control over that aspect. Furthermore, I don't know whether an update is available for the Homehub 6 router. However, my wireless network is password protected with a strong password, so is this a real risk and should I be concerned?