http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/
QuoteA group of embedded device hackers has turned up a vulnerability in D-Link consumer-level devices that provides unauthenticated access to the units' admin interfaces.
The flaw means an attacker could take over all of the user-controllable functions of the popular home routers, which includes the DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240 units. According to the post on /DEV/TTYS0, a couple of Planex routers are also affected, since they use the same firmware.
In the words of Colonel Klink
Hoooooooogan!!
So I guess I'm buyin' a new router then WHEEEEE
That's a pretty dumb security hole. But I suspect similar types of things exist in other router firmware.
If this doesn't get a patch pushed out within the week I'd be flabbergasted.