The Mudcat Café TM
Thread #80590   Message #1469881
Posted By: JohnInKansas
25-Apr-05 - 03:13 AM
Thread Name: Tech: A Different Sort Of Virus Thingy
Subject: Tech: A Different Sort Of Virus Thingy
A rather old report that I just got around to reading reports:

Core Security Technologies reports several bugs in LinkSys Routers. Emphasis in this report is on Wireless ones. The bugs are of buffer overflow type and could allow someone to remotely access and/or control computers connected via the router much the same way as through virus/worm attacks of the computers themselves. Corrections generally require firmware patches, available from LinkSys. This advisory lists a number of affected LinkSys routers. Because it's a fairly old report (April 2003) it's possible that LinkSys will have reports on other affected models, and/or later firmware updates.

The report refers to http://www.linksys.com/download/ for US and Canadian users. The International tab at this page will refer others to an appropriate page. You will need to enter the model number of your router to get information on applicable updates.

Also reported:

"Some Cisco DSL routers have flaws that cause them to crash when their built-in Web servers, which are used to configure the routers, are presented with an improper URL. Unfortunately, the infamous Code Red worm, which was typically thought to affect Microsoft systems only, transmitted exactly this sort of URL, causing many customers' DSL routers to lock up." No specific reference given for checking this out, but users who might be affected should be able to ask Cisco. The CERT report has been moved, but I believe CERT Cisco (http://www.us-cert.gov/cas/techalerts/TA05-026A.html) is the correct link for this particular report.

And:

The Computer Emergency Response Team (CERT) reports that in some cases an Alcatel network switch has a telnet back door that lets anyone take over the switch or the network to which it is connected: CERT Alcatel (http://www.cert.org/advisories/CA-2002-32.html). The bug affects all models in the Alcatel OmniSwitch 7000 series of modular network switches. The bug is present because Alcatel developers left an operating-system-debugging interface turned on when the product was shipped. A firmware upgrade solves the problem and is available now from Alcatel customer support. The link given to Alcatel has been "redirected" to the Alcatel homepage, but those who might be affected should be able to find appropriate help at the "support" link from there.

The MAIN POINT to be made is that any device connected to your computer can be a target for malicious attack. This includes routers, firewalls, network switches, and any other component under firmware and/or software control. Although malware attacks most frequently are directed at the computer itself, it is essential that all parts of the system be checked for available patches on a regular basis. Particular attention of course should be paid when installing any new component(s).

John