The Router Is Not a Passive Device - It's the Attack Surface Routers with default credentials and unpatched firmware are accessible from the internet in multiple deployments across organizations. These devices allow remote access to internal network data without authentication. No evidence of detection exists in monitored environments. The vulnerability is tied to a publicly disclosed CVE (CVE-2025-6843), rated as high severity due to its ability to bypass authentication through a hardcoded backdoor in the device's web interface. Patch availability was not correlated with deployment status; over 73% of affected devices remained unpatched at time of compromise. The exploit did not require zero-day techniques or complex evasion methods. Instead, it relied on predictable vendor defaults: default usernames (admin), default passwords (123456, admin), and exposure of the management interface via standard ports with no access restrictions.…