The attack targets the management page where network topology is displayed. If a user with administrative privileges logs in and navigates to this area, the malicious script executes with the same privileges as the user, potentially leading to:

Do not rely on the stock passwords printed on the device sticker or provided by the ISP. Change both the standard user password and the master admin password to complex, unique strings. Keep Firmware Updated