Hacker can leak the current session of admin to perform authentication bypass on the Linksys E1700.
First, in order to leak the admin's current session ID, the attacker needs the admin to log in to the web management interface so that the router can generate a valid session ID string.
Second, once the admin is logged into the web interface, the attacker can send a GET request to the URI: /goform/* with the "Referer" header containing the word "login" in order to retrieve the admin's current session ID.
Using the admin session ID, an attacker can perform actions as if they were the admin by sending requests containing the session ID. Alternatively, they can simply use the ExportSettings function to retrieve the login password.
The attacker can modify the router's configuration, resulting in numerous potential security vulnerabilities.