There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well.
Security researchers Joshua Drake posted an advisory on the vulnerability on Thursday, detailing the bug and saying that the best defense likely is to remove the remote command execution function from the vulnerable service. The culprit is a service called infosvr, which is designed to help admins find and configure routers on a network segment.
"Several models of ASUS's routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN interface. It's used by one of ASUS's tools to ease router configuration by automatically locating routers on the local subnet. This service runs with root privileges and contains an unauthenticated command execution vulnerability," Drake wrote in his advisory.
Continued: http://threatpost.com/root-command-execution-flaw-haunts-asus-routers/110276
Related:
Asus wireless router flaw opens network to local attackers
Got an Asus router? Someone on your network can probably hack it
ASUS Routers Plagued by Command Execution Vulnerability
Most Asus routers affected by hijack bug; exploit posted

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic