A lot of these routers might have their web console visible on the WAN side.
Other clever attacks are simple: most of the routers use default subnets of 192.168.0.0/24 with a gw at 192.168.0.1.
A malicious site can make a post to 192.168.0.1 with user name/pw super super and say reconfigure your local dns settings so that they can man in the middle something like traffic that would normally go to an ad network. They can then serve up their own ads and make profit$.
Other clever attacks are simple: most of the routers use default subnets of 192.168.0.0/24 with a gw at 192.168.0.1.
A malicious site can make a post to 192.168.0.1 with user name/pw super super and say reconfigure your local dns settings so that they can man in the middle something like traffic that would normally go to an ad network. They can then serve up their own ads and make profit$.