The generation of SOAP messages using the Flash plug-in enables the attacker to avoid the problem of password authentication, and the fact that many home routers are configured to accept SOAP messages without any type of authentication compounds the threat.