
After a quick read of the page it sounds like it only works for browsers authenticated to a specific Verizon FIOS router.


His particular demo only works with a specific Verizon router, but the notional attack works against any wireless router that has any XSS flaw --- i.e., any wireless router.

There are really just two simple ideas here (taking a couple simple ideas and plugging them together in some totally unexpected way being a Samy Kamkar trademark):

* Any website can usually use reflected XSS to interact with a browser's upstream wireless router, because wireless routers suck, and because they assume that the "inside" network is safe.

* There are databases that translate wireless MAC into location (like Skyhook).



