"Eloi Vanderbeken from Synacktiv has identified an intentional backdoor in a module by Sercomm used by major router manufacturers (Cisco, Linksys, Netgear, etc.). The backdoor was ostensibly fixed — by obfuscating it and making it harder to access. The original report (PDF). And yeah, there is an exploit available ..."
What the hell does all that mean? It means that all the routers listed here are sitting with a gaping security hole in them. A hole that's there by design, apparently. Because instead of fixing the hole, they just kind of papered over it a bit. Kicked some sand on it to hide it, you might say. But its still there, waiting for just the right packet to come along and let somebody completely p0n3 your router. Yeah, that one you rent from the phone company, that little box that plugs into the wall.
What can happen? From the link,
Once the backdoor is switched back on, it listens for TCP/IP traffic just as the original firmware did, giving “root shell” access—allowing anyone to send commands to the router, including getting a “dump” of its entire configuration. It also allows a remote user to access features of the hardware—such as blinking the router’s lights.
They get to pretty much completely do whatever they want to your network, from add wi-fi users to lock you out of your own network.
Can you fix it? Yes. Get a PROPER router, one that isn't a piece of cable company shit. If you want to be really sure... forget it. If the manufacturers are putting back doors in the firmware, we're f-ed. You'd have to make your own from scratch.