> The actual goal of the attack is to allow sending packets to hosts on your network.
As I read it, it’s a little narrower than that. This attack allows someone to open up an unexpected port on your NAT gateway back to one specific host - the machine that ran the attack code in its browser. It, on its own, doesn’t get you to all the other hosts like the Smart Doormat or the IoT oven. (Though there’s a reasonable chance this gives the attacker, say, a redis port on your box, which gives them root, which then allows them to attack your doormat from there...)
As I read it, it’s a little narrower than that. This attack allows someone to open up an unexpected port on your NAT gateway back to one specific host - the machine that ran the attack code in its browser. It, on its own, doesn’t get you to all the other hosts like the Smart Doormat or the IoT oven. (Though there’s a reasonable chance this gives the attacker, say, a redis port on your box, which gives them root, which then allows them to attack your doormat from there...)