*safe*
Note that the exploit requires the ability to USE HTTP POST. If you’re not running websites with unauthenticated POST commands, you’re safe. This exploits CGI-BIN/PHP, and that’s only useable if you’ve left your cgi-bin wide open.
Since most of us are smart enough to secure our websites (right guys?), this isn’t a huge issue.
If you have a router with “password” as the password, enjoy your worms!