{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib3euhuxvqg3ply5lwmzzo2tajosz56snatwhdvmhb7wcargfof7q",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mnytyshecqy2"
  },
  "path": "/t/remote-attack-surface-of-router-in-bridge-mode/38464#post_2",
  "publishedAt": "2026-06-11T08:23:12.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "Bridge mode removes most of the normal router-side exposure, but I would not treat an unpatched cable router as having no attack surface. The DOCSIS/modem side is still managed by the ISP network, and some boxes leave a management UI or services reachable on a local management IP even while bridged. If you use it, I’d at least disable Wi-Fi/telephony/remote admin/UPnP on the Fritzbox, check whether its web UI is reachable from the OpenWrt side, and keep the OpenWrt router doing all firewalling. For a low-risk home setup it may be acceptable as a stopgap, but if you are trying to avoid unmaintained firmware entirely, a supported modem from the ISP is the cleaner option.",
  "title": "Remote attack surface of router in bridge mode"
}