Two security researchers have outlined how hackers can use a Web browser and a little Shockwave file to exploit most Wi-Fi routers.
Ryan Naraine interviewed two researchers, Adrian Pastor and Petko D. Petkov, at the GNUCITIZEN think tank. Their big conclusion: It's trivial to construct "a massive router botnet" using a common protocol baked into modern routers.
GNUCITIZEN provides the details in a document and FAQ. For what it's worth I found the FAQ to be much more straightforward. In a nutshell, most routers use a protocol called Universal Plug and Play (UPnP) by default. Since UPnP can be accessed without authorization, a malicious Flash file can send messages. In other words, a hacker can reconfigure the router to do what he wants including redirects, reset admin credentials and all settings.
The easiest solution is to disable UPnP in your router, according to GNUCITIZEN. Taken further these flaws could create quite a bit of havoc on a municipal Wi-Fi network.