Just listening to Security Now #80 in which Steve and Leo discuss a Javascript exploit that aims to compromise home routers with default password.

I strikes me that its a very short leap to combine this Javascript approach with the broken security implementation in certain routers that I blogged on recently. In fact, the Javascript approach overcomes the main limitation of the vulnerability hack which is that it required LAN access to your router to do anything more than mischief.