ISE, a security research company, has published a report detailing the ease with which they were able to compromise several popular SOHO routers.
I strongly recommend everyone read the following article.
However, users should not immediately freak out. While possible, these attacks do carry with them some limitations. Without access to your local network there is not a known exploit which will compromise your router without your clicking on a malicious link or running a malicious file. Furthermore, only two models of routers (Belkin N300 and Belkin N900) can be attacked from the Internet without having login credentials to the router.
See the ISE report for which model routers are susceptible to which threats. The identity of five of the compromised models has not yet been released as patches have not yet been made available.
It is very important that router owners use WPA encryption on their networks (avoid WEP!) and ensure that the admin credentials on their router have been changed from their defaults. Additionally, be on the lookout for router vendors to be pushing firmware updates in the near future to address these concerns.