The UK can breath a sigh of relief http://www.ispreview.co.uk/index.php/2014/09/big-uk-isps-confirm-home-routers-safe-shellshock-bug.html
Last week’s news was flooded with coverage of a new vulnerability in the command-line Bash interface (shell) for many Linux / Unix based systems, called SHELLSHOCK (CVE-2014-6271). Bash forms a part of everything from web servers to Smartphones (iPhone, Android etc.) and even quite a few broadband routers, but don’t worry because most of you will be safe.. probably, hopefully.
So what about all those home broadband routers that the big ISPs often bundle for free? The good news is that most of them and many other embedded devices actually make use of the Busybox software instead of the Bash, which is NOT vulnerable to the bug.
This article has some comments from the big UK based ISP companies that might reassure most of us, let us hope BT are a bit safer than they seem to be implying, their response seems a bit weaker than it could be.