Not sure you'll see this, with HN's lack of notifications, and so much time elapsed but here's the answer:
Most consumer routers do not support disabling the web interface on the local network, as it's the primary (only?) means of administration for them. This attack relies on getting users to browse to an address with default creds by some means, with a URL prepended that will cause the desired action to occur. More often than not a popular action is to modify the DNS servers used, so that DNS traffic can then me manipulated to point to malicious servers used for the ultimate attack.
Most consumer routers do not support disabling the web interface on the local network, as it's the primary (only?) means of administration for them. This attack relies on getting users to browse to an address with default creds by some means, with a URL prepended that will cause the desired action to occur. More often than not a popular action is to modify the DNS servers used, so that DNS traffic can then me manipulated to point to malicious servers used for the ultimate attack.