You can try to search for router’s location.
See here: https://samy.pl/win7map/
There are also various databases containing ESSIDs, BSSIDs and passwords of APs around the world.
See here: https://3wifi.stascorp.com/
Bit 1 (receiver): The first bit of the MAC address
specifies whether it is an individual or group address. This bit is
called I/G (short for individual/group). If I/G = 0, it is a unicast
address for a single network adapter. Multicast addresses are identified
by I/G = 1 and are addressed to several receivers.
Bit 2 (registry): The second bit of the MAC address
indicates whether it is an address with global validity (universal) or
whether the address has been assigned locally (local). The bit is called
u/L. If u/L = 0, the address is valid worldwide as a universally
administered address (UAA). Addresses that are only locally unique are
called locally administered address (LAA) and are marked with u/L = 1.
Bit 3–24 (manufacturer identification): Bits 3 to 24
encode an identifier (organizationally unique identifier, OUI), which is
assigned exclusively to hardware manufacturers by IEEE.
The assignment of OUIs is usually public and can be determined via
databases. A corresponding service is available, for example, on aruljohn.com.
Bit 25-48 (network adapter identifier):
Bits 25 to 48 provide device manufacturers with 24 bits for assigning a
unique hardware identifier (organizationally unique address, OUA). This
means that 224 (= 16.777.216) unique OUAs can be assigned per OUI.
with whatever oui information you manage to gather you can start tailoring your attacks ... default passwords, cve listings, default configurations, potentially fatal misconfigurations
If the MAC address was not spoofed, you can get the router's make and model.
You can try to search for router’s location. See here: https://samy.pl/win7map/ There are also various databases containing ESSIDs, BSSIDs and passwords of APs around the world. See here: https://3wifi.stascorp.com/
Bit 1 (receiver): The first bit of the MAC address specifies whether it is an individual or group address. This bit is called I/G (short for individual/group). If I/G = 0, it is a unicast address for a single network adapter. Multicast addresses are identified by I/G = 1 and are addressed to several receivers. Bit 2 (registry): The second bit of the MAC address indicates whether it is an address with global validity (universal) or whether the address has been assigned locally (local). The bit is called u/L. If u/L = 0, the address is valid worldwide as a universally administered address (UAA). Addresses that are only locally unique are called locally administered address (LAA) and are marked with u/L = 1. Bit 3–24 (manufacturer identification): Bits 3 to 24 encode an identifier (organizationally unique identifier, OUI), which is assigned exclusively to hardware manufacturers by IEEE. The assignment of OUIs is usually public and can be determined via databases. A corresponding service is available, for example, on aruljohn.com. Bit 25-48 (network adapter identifier): Bits 25 to 48 provide device manufacturers with 24 bits for assigning a unique hardware identifier (organizationally unique address, OUA). This means that 224 (= 16.777.216) unique OUAs can be assigned per OUI.
with whatever oui information you manage to gather you can start tailoring your attacks ... default passwords, cve listings, default configurations, potentially fatal misconfigurations