A Web-based attack could be used to seize control of certain routers. The attack would work on widely used routers, including those made by Cisco’s Linksys division and D-Link. The technique, called a DNS rebinding attack, works on virtually any device that uses a default password. The attacker would use JavaScript code to trick the browser into making changes on the router configuration page. The issue is a “core browser bug” rather than a design flaw in the way the Internet’s DNS system works.”]
Source: https://www.csoonline.com/article/2122428/web-based-attacks-on-routers.html