There's a lot of ways to access internal interfaces. By executing javascript on an internal computer for example. An img src is enough for simple requests.
If the home router implements uPnP (many do), and if that implementation is insecure (all are), you can often pop holes from the outside.
And that's just the two ideas to try first... Don't expect a disabled remote admin to protect you from anything else than automated bots.
If the home router implements uPnP (many do), and if that implementation is insecure (all are), you can often pop holes from the outside.
And that's just the two ideas to try first... Don't expect a disabled remote admin to protect you from anything else than automated bots.