Security mavens have uncovered a design flaw in most home routers that allows attackers to remotely control the devices by luring an attached computer to a booby-trapped website.

http://www.channelregister.co.uk/2008/01/15/home_router_insecurity/

A comment states:

My Belkin FSD7230-4 wireless router has a firmware setting to disable UPNP connections. UPNP is OFF by default.

So that headline should probably read “some home routers are vulnerable…”

Just checked my router and it’s a Belkin with UPNP disabled by default, so this is one for any of you with the affected routers (Linksys, Dlink and SpeedTouch) to worry about.</smug mode>

Netgear gives you a choice on the settings and it’s set to OFF by default.