by gemexe 4125 days ago
I wonder how many of the affected routers have their remote management interfaces turned on by default - if they are off (as they should be) then it probably isn't that big a deal... I mean, loads of routers have admin:admin set and left unchanged.

That doesn't actually mitigate the problem much, if at all. Many of these devices are likely to be vulnerable to CSRF; a malicious web page may be able to trigger requests which log into a local router and perform management tasks.
I think modern browsers prevent cross-requests to local subnets, so this may mitigate CSRF.