Hype from a "security" company. This is hardly anything new. Anybody running an HTTP interface on their router with a default password is probably already hacked anyway.
Can you explain why a router maker would allow someone on the external internet to connect to the http interface? Surely, such a router should only allow a dhcp client to do this, and it should certainly know their IP addresses.
What is this stuff about malicious sites? Does that just give them an IP address to attack by trying to connect back to the router?