This is an interesting paper. It discusses ways to escape isolated networks by using protocols that are built into routers.
I understood much of what was being said, but there are a couple of things I’m not completely clear on. Some of the issues are due to crappy implementation on consumer routers. However, are routers like pfsense and the USG vulnerable to any of this? More specifically, are our networks potentially vulnerable due to compromised devices on an IoT network? If so, how significant is the risk, and what are best practices to mitigate that risk?