Is there any specific reason why the firmware RUT9_R_00.07.06.18 on admin web interface index page load tries to execute external javascript file (238380 bytes) from github cdn? Sure there are features that access outside internet, but loading (in this case trying to load in Chrome) external javascript file without permission is not one of them.
I could not find reason for the web interface to need this at least on my router. Only thing I see it could be related to is the geofencing configuration done on GPS enabled routers. I understand the script is a bit large to fit the router flash (possibly the real reason). Maybe the script should only be loaded when geofencing setup view is open (if even available on specific router).
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'wasm-unsafe-eval'
....
https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@4eccf2cf93856a69c7c982df04ae8b91b43aac52/en/v6.4.3/build/ol.js
It sounds like the router’s firmware might be attempting to load the script for features like geofencing, which could require external resources. It’s possible the script is too large for the router’s internal storage, so it loads externally. It would make sense to load it only when necessary, like when accessing geofencing setup, to avoid unnecessary external calls.