|
|
|
|
|
|
by peeters
2452 days ago
|
|
|
Depends on the attack and the vulnerability. The article does say this: > The attacks work when routers use weak administrative passwords and are vulnerable to CSRF attacks. Which implies that a cross site request is being made. So e.g. you put a hidden form in a netf1ix.com page whose action is at some URL on the router. The user ends up accidentally posting data to that URL which is not affected by CORS and same-origin. |
|
|