A number of WNDR series devices contain an embedded SOAP service for use with the NetGear Genie application. This service allows for viewing and setting of certain router parameters, such as WLAN credentials and SSIDs, connected clients, guest WLAN credentials and SSIDs, and parental control settings.
Security pro Peter Adkins discloses vulnerabilities that can be leveraged “externally” over the internet, if affected NetGear WNDR devices have their remote / WAN management enabled. The included proof of concept queries this service in order to extract the admin password, device serial number, WLAN details, and various information regarding clients currently connected to the device.
Read more here – https://github.com/darkarnium/secpub/blob/master/NetGear/SOAPWNDR/README.md