As reported at there is a vulnerability in the http-server for the DD-WRT management GUI that can be used for execution of an exploit to gain control over the router.
milworm has reported an exploit affecting the http server used by of dd-wrt, the replacement firmware for select models Linksys wireless routers.  The exploit affects installs that have enabled web access on the internet side of the router.
Details of the exploit can be found at
DD-WRTs response and fix can be found at