Maximum-security Cisco vulnerability was patched Oct. 2023 and exploited Feb. 2025.

      • ikt@aussie.zone · 1 day ago

        The hackers exploited CVE-2023-20198 to retrieve running configuration files from the devices and modified at least one of the files to create a GRE tunnel allowing traffic collection from the network the devices were connected to.

        tbf they’ve been patched for ages and/or you can just turn the http web interface off, it’s 2 lines of config that takes 30 seconds to apply

        We were alerted on the day and had a fix rolled out by end of day on hundreds of routers, this is a bit embarrassing for the Canadian telecom tbh
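
Added example, not part of the comment above: a small audit over saved IOS XE running-configs that flags the two conditions this thread mentions, the HTTP(S) web interface still being enabled (the two disabling lines are `no ip http server` and `no ip http secure-server`) and a GRE tunnel to a peer nobody approved. The sample config, the function name and the approved-peer allowlist are constructed for illustration; the check assumes a tunnel interface with no `tunnel mode` line is GRE, which is the IOS default.

```python
import re

# Constructed sample running-config (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
ip http server
ip http secure-server
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Tunnel7
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.50
!
interface Tunnel9
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.9
 tunnel mode ipsec ipv4
!
end
"""

def audit_config(text, approved_tunnel_peers=()):
    """Return findings for one running-config (hypothetical helper)."""
    findings = []
    # Web UI is on when the line is present un-negated; "no ip http server"
    # starts with "no" and therefore does not match.
    for m in re.finditer(r"^ip http (?:server|secure-server)[ \t]*$", text, re.M):
        findings.append(f"web UI enabled: {m.group(0).strip()}")
    # Walk each "interface TunnelN" stanza (indented lines belong to it).
    for m in re.finditer(r"^interface (Tunnel\S+)\n((?:[ \t]+.*\n)*)", text, re.M):
        name, body = m.groups()
        dest = re.search(r"^[ \t]+tunnel destination (\S+)", body, re.M)
        mode = re.search(r"^[ \t]+tunnel mode (.+)$", body, re.M)
        # Assumption: no explicit mode means the default, GRE over IP.
        is_gre = mode is None or mode.group(1).startswith("gre")
        if dest and is_gre and dest.group(1) not in approved_tunnel_peers:
            findings.append(f"unapproved GRE tunnel: {name} -> {dest.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Diffing each device's findings against the previous run also surfaces a tunnel that appears between audits, which is the kind of configuration change the quoted report describes.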