Hacker News new | ask | show | jobs
by homeomorphic 4625 days ago
Sure, but all the adversary needs is for the user to visit a webpage that makes his/her browser contact the router (i.e. from within the LAN). If the adversary has to take into account defeating the user's password, this becomes an impractical attack. With the backdoor, however…
1 comments
xyzzy123 4624 days ago
Might be hard to set the user-agent for a JavaScript cross-origin request though...
link
throwaway2048 4624 days ago
flash allows you to generate UPNP requests, just generate one to forward the web server port to the internet, and you have an easy solution.
link