Re: Well so where's the problem?
you run a "reflection attack"
Yup. All the attacker needs is for you to visit a page with a CSRF vulnerability. Of which there are approximately one zillion.
Pivot-and-escalate is one of the most common attack approaches. Everyone in IT should know that.
It's not a problem that the owner (or renter, or however the agreement with AT&T works) can get root. It's a problem that anyone can, trivially.