Access to a router's GUI

The other answers are correct, however there is one big fish being mostly ignored:

DNS cache poisoning

As @Larry said, since you own the router you own the DNS. Meaning you can cause any other user of that network to use any server you want for any address they request.

But more than that:

  • You can leave your DNS ownership in place; even when you're not there anymore, other users will continue to use your servers.
  • Even after the other users leave, you can still own whatever address they try to access.
    To clarify, let's assume some victim at some point uses the coffeeshop to access http://www.google.com/. This should resolve to 209.85.143.104. However, because you pwned the router, you're sending anyone who requests http://www.google.com/ to 207.200.14.140. This will continue to happen, even after you go home...
    Now, what happens if you set the TTL for the DNS response (the one returning 207.200.14.140 for http://www.google.com/), to some value far in the future? The victim will go home, back to his "secure" network, and at some point will again browse to http://www.google.com/. Shouldn't be a problem, right? Well, the TTL caused the DNS response to stay cached on your machine, so your browser now doesn't even bother making another DNS request - it just sticks with the 207.200.14.140 it got at the coffeeshop. That you gave it. 3 weeks ago.

Just a suggestion? A bit borderline, but since no one at the coffeeshop cares (or probably even knows how to log on to a router, or what that even is), do them a favor: change the password for them. Write it down for them, hand it to the manager, and if he really needs it, he'll figure out what to do, and maybe even learn a lesson.
Of course, this is borderline ethical, maybe even illegal, so caveat emptor. But other users WILL be grateful (even if they know nothing about it).
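
As an added example (not part of the answer above or of any other post on this page), here is a defensive check for the long-TTL persistence that answer describes: parse a DNS response, flag A records whose TTL exceeds a cap, and clamp them the way a caching resolver with a maximum cache TTL would. `MAX_TTL`, the function names and the sample packet (www.example.com, 192.0.2.10) are assumptions constructed for illustration.

```python
import struct

MAX_TTL = 86400  # assumed policy cap (1 day); not a value from the post

def read_name(msg, off, depth=0):
    """Decode a DNS name; return (name, offset just past it)."""
    if depth > 10:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer (2 bytes)
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        if length == 0:                        # root label ends the name
            return ".".join(labels), off + 1
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def audit_response(msg, max_ttl=MAX_TTL):
    """Return (name, addr, ttl, clamped_ttl, over_cap) for each A record."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4       # skip QTYPE and QCLASS
    findings = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addr = ".".join(str(b) for b in rdata)
            findings.append((name, addr, ttl, min(ttl, max_ttl), ttl > max_ttl))
    return findings

def build_sample(ttl):
    """Constructed response: www.example.com -> 192.0.2.10 (test data only)."""
    head = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    qname = b"\x03www\x07example\x03com\x00"
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 10])
    return head + qname + struct.pack("!HH", 1, 1) + answer
```

Local resolvers expose the same clamp as a setting, for example `cache-max-ttl` in Unbound and `--max-cache-ttl` in dnsmasq.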


Was prompted by conversation with @Iszi on chat to make things much clearer - to just highlight the main increased risks.

An attacker could reroute every request sent by users of the network leading to:

Phishing attack - for example the normal guidance for users is to never click on untrusted links for things like online banking, but to always type in the URL for www.examplebank.com. Controlling the router lets an attacker get around that control easily so you could end up at a site which will grab your online banking credentials as you log in.

Malware attack - You can be rerouted to a site which will attempt to download malware onto your computer even though you specified a known good URL.

Inline data injection/modification - An attacker could modify any data in transit. This would be hard to do from the perspective of a user of the wireless network, but much more straightforward for an attacker if all data was routed via a server they control.

Other attacks based on this Man In the Middle - various other compromises

The internet is your oyster with this one - effectively users would no longer be able to trust any communication through the network! It is almost as good as pwning the user's computer.

The other points I mentioned are already possible on wireless networks so I have taken them out.


If you own the router, you own the internet effectively. For example, you can tell the router to use your computer as the DNS server for all the clients on the network - that means you own address resolution for every client on the network.