the router sniffed plaintext http to grab HTTP User agents to put them into a curl bash command line string. Nice RCE from the browser.