A number of routers from TP-Link have been found to be vulnerable to a website-based DNS hijacking attack. The vulnerability enables attackers to access the web-based administration page of the routers and also the hijacking of DNS requests to redirect users to phishing and other malicious websites. Full details at Hexus.
The following devices are confirmed to be vulnerable:
TP-Link WR1043ND V1 up to firmware version 3.3.12 build 120405 is vulnerable (version 3.3.13 build 130325 and later is not vulnerable)
TP-Link TL-MR3020: firmware version 3.14.2 Build 120817 Rel.55520n and version 3.15.2 Build 130326 Rel.58517n are vulnerable (but not affected by current exploit in default configuration)
TL-WDR3600: firmware version 3.13.26 Build 130129 Rel.59449n and version 3.13.31 Build 130320 Rel.55761n are vulnerable (but not affected by current exploit in default configuration)
WR710N v1: 3.14.9 Build 130419 Rel.58371n is not vulnerable
Some other untested devices are also likely to be vulnerable
Lell helpfully provides a step-by-step method for people to check to see if their router could be exploited by the newly discovered vulnerability (near the bottom of his article). Meanwhile if you have an affected router it is recommended that you change the default login/password, opt not to save that info in the browser, open a new browser before logging into your router, then restart your browser after finishing your administrative fiddling.