Web attack could hit home routers

If you haven't changed the default password on your home router, do so now. That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.

For the attack to work, the bad guys would need a couple of things to go their way. First, the victim would have to visit a malicious Web site that served up the JavaScript. Second, the victim's router would have to still use the default password that it's pre-configured with it out of the box.

Article

I always figured there could be some sort of vulnerability in the fact that most routers are configured through a web browser.

Of course common sense should dictate that you should never leave your password as "linksys", or "admin"(which are very common default passwords)

Dont be surprised if the hackers move on to other common ones like abc123. :P