adida101: I highly doubt it would be done remotely


An ISP in nz has been issuing a certain brand of wifi router for a number of years with the default password of admin/admin and an exposed web interface on port 80.
It is indeed possible to scan the ip ranges, find heaps and heaps of these routers, log into them, view the page source on the ppp settings page, find the user's login username and password in plain text then visit the isp's website and access the customer portal.

TPLink has an issue where some of their routers have an exposure issue where DNS server addresses are changed remotely (no firmware update for older models - thanks TPlink!)
The rogue dns servers redirect your www.google.com query to a fake and show you messages about your flash player being out of date, encouraging you to download their malware.

Routers being accessed remotley is a big issue.