In a previous report, we released a list of SOHO router vulnerabiltiies and showed proof-of-concept (PoC) attack code for how to exploit them. For many of these routers, those PoCs operated through the main web-based interface. In this follow up study, we addressed only the extraneous, non-router services that were present on the routers. What we found was that of the 10 routers reviewed, all 10 could be compromised from the (wireless) LAN once a router had USB attached storage connected.
This is hardly surprising. Currently I only use SOHO routers as dumb wifi access points and that’s it. I don’t know why anyone would want to make one of these cheaply built devices into some kind of NAS.