How good do you reckon a 6 years past EOL consumer Linux device's defences are against a browser running 3rd (or 1st) party JavaScript making HTTP requests to http://192.168.0.[1..254]/cgi-bin/factoryRestore.sh?
How much would you bet against that being an unauthenticated call or one with leaked hard coded creds?
Not sure this makes any sense, the 6 years past EOL consumer linux device isn't running a browser.
Or are you assuming the user's browser itself is compromised and is running random javascript hitting the NAS address? That would be unfortunate, but I'm not sure I'd blame it on the "6 years past EOL consumer linux device"
Doesn’t need any browser compromise as such, just a user on the same wifi network running a browser and visiting a site with malicious JavaScript (possibly a malicious site, possibly a benign site with JS delivered by a shitty ad network, possibly a poorly secured site with persistent XSS flaws).
Classic old cross origin request forgery. It ranks #7 in OWASP’s top 10 website security flaws, and they have this to say about it:
“XSS is the second most prevalent issue in the OWASP Top 10, and is found in around two thirds of all applications.”
I remember Opera showing an error when I tried to follow a link from the Internet to a private address (192.168.0.0/16 and such). Don't browsers enforce that anymore?
gives me a 403 Forbidden error, and if there was a known default password to my router - it'd try and do a factory reset on it. (It actually wouldn't, it'd send back a confirmation popup, but...)