I’ve noticed, whilst sat on the train, an AP called “MOXA”. A quick google shows that these guys are in the “industrial IoT” market. I suspect they have something to do with the CCTV on the train.
Off to Shodan for a search, limited to port 80.
~90 devices come back, nearly all MiiNePort E2. Very few have authentication turned on, many that do are using default credentials.
A quick glance through the user guide shows that there is a disturbingly easy to trigger reset process:
Also, there appears to be a utility called NPort which is used for discovering devices. It wouldn’t be the first time that a discovery protocol has been the downfall of one of these bridges.