Yes, but if it's behind a NAT gateway, how is it going to get the initial infection? I know there are ways, but realistically none of them make sense in this context.
Yeah, you'd need someone on the network to be doing something like browsing the internet and coming across a malicious website capable of making requests to other nodes on the local network, or downloading something that gives an attacker userspace access to scan the local network.
Those situations strike me as super rare, unlikely, and unrealistic, too.
