[michaellosee]

They gave the exploit a "1337 compromise" award, so it is almost as bad as it gets.

While you still have the Q1000, be sure that you have the remote interface disabled and use the NoScript browser plugin. Those two items will mitigate a lot of the risk.

I replaced my Actiontec Q1000 with a used Zyxel Q1000Z I got for $30. I haven't had time to assess the Q1000Z yet, but it does not have any known 0-day vulnerabilities.

[sitkack]

Actually the parent should firewall off both sides of the router and turn off internal management, Samy has been p0wning routers from inside the network since 1989.

[michaellosee]

That is true. Those first two recommendations are good bang for your buck (for the newbies), I guess I forgot I have a technical audience here :-)

Now that I'm thinking about it transparent bridge mode might do the trick as well.