Recently, DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. Further research revealed that the vulnerability is even more dangerous, since the same vulnerable firmware component is also used by numerous other router manufacturers.
The remote preauth format string vulnerability in the Broadcom UPnP stack can be exploited to write arbitrary values to an arbitrary memory address, and also to remotely read router memory. When exploited, it allows an unauthenticated attacker to execute arbitrary code under the root account.